GitHub Security Advisories Scraper avatar

GitHub Security Advisories Scraper

Pricing

Pay per event

Go to Apify Store
GitHub Security Advisories Scraper

GitHub Security Advisories Scraper

Monitor GHSA and CVE advisories from GitHub’s official API with ecosystem, severity, package, and date filters for DevSecOps feeds.

Pricing

Pay per event

Rating

0.0

(0)

Developer

Stas Persiianenko

Stas Persiianenko

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

7 days ago

Last modified

Categories

Share

Extract GHSA and CVE vulnerability advisories from GitHub's official Security Advisories API.

Use this Apify Actor to build scheduled security feeds, export affected package metadata, monitor high and critical advisories, and send clean data into SIEM, vulnerability-management, or dependency-risk workflows.

What does GitHub Security Advisories Scraper do?

GitHub Security Advisories Scraper collects public Global Security Advisories from GitHub.

It calls the official api.github.com/advisories endpoint.

It saves one dataset item per advisory.

Each item includes identifiers, severity, timestamps, links, CVSS data, CWE values, references, and affected packages.

The actor is HTTP/API-only and does not use a browser.

Who is it for?

DevSecOps teams

Track new GitHub Security Advisories for ecosystems your organization uses.

Security analysts

Export GHSA and CVE data into spreadsheets, dashboards, and alerting tools.

Dependency-management vendors

Build a scheduled vulnerability feed with normalized affected package fields.

Open-source maintainers

Monitor vulnerabilities affecting your packages, language ecosystem, or dependency graph.

Data teams

Collect advisory records from a stable public API without writing pagination and schema code.

Why use this actor?

  • ✅ Uses GitHub's official public REST API
  • ✅ No login required for normal public runs
  • ✅ Optional GitHub token for higher API rate limits
  • ✅ Filters by ecosystem, severity, package, CVE, GHSA, and dates
  • ✅ Normalizes nested vulnerability package/version data
  • ✅ Works well as a scheduled monitoring job
  • ✅ Outputs structured JSON ready for exports and integrations

What data can you extract?

FieldDescription
ghsaIdGitHub Security Advisory identifier
cveIdCVE identifier when available
summaryAdvisory summary
descriptionFull advisory text from GitHub
severityGitHub severity value
cvssCVSS vector and score when available
cwesCWE identifiers
identifiersGHSA/CVE identifier list
publishedAtPublished timestamp
updatedAtUpdated timestamp
withdrawnAtWithdrawn timestamp when applicable
htmlUrlHuman-readable GitHub advisory URL
referencesReference links
vulnerabilitiesAffected packages, version ranges, patches, functions
affectedEcosystemsDeduplicated ecosystems
affectedPackagesDeduplicated package names
scrapedAtActor extraction timestamp

How much does it cost to scrape GitHub Security Advisories?

This actor uses pay-per-event pricing.

There is a small run-start event.

There is a per-advisory event for each dataset item saved.

The formula-derived BRONZE per-advisory price is about $0.000028567, with lower prices on higher Apify tiers.

Because the actor uses the official API and no proxy, typical run costs are low.

Use maxItems to control the size of scheduled runs.

Quick start

  1. Open the actor on Apify.
  2. Set maxItems to the number of advisories you need.
  3. Optionally choose ecosystems such as npm, pip, maven, or go.
  4. Optionally choose severities such as critical and high.
  5. Click Start.
  6. Export the dataset as JSON, CSV, Excel, XML, RSS, or HTML.

Input options

Maximum advisories

maxItems limits the number of advisory records saved.

The default is 20.

Ecosystems

Use ecosystems to filter affected package ecosystems.

Examples:

  • npm
  • pip
  • maven
  • rubygems
  • go
  • composer
  • nuget
  • rust
  • actions

Severities

Use severities to keep selected severity levels.

Supported values:

  • low
  • medium
  • high
  • critical

Affected package

Use affectedPackage to search advisories affecting a package name.

Examples:

  • react
  • django
  • spring-framework
  • lodash

CVE ID

Use cveId for exact CVE lookups.

Example: CVE-2024-12345.

GHSA ID

Use ghsaId for exact GitHub Security Advisory lookups.

Example: GHSA-xxxx-yyyy-zzzz.

Date filters

Use publishedSince, publishedUntil, updatedSince, and updatedUntil for monitoring windows.

These filters accept ISO date strings.

Examples:

  • 2026-01-01
  • 2026-06-01T00:00:00Z

Include withdrawn advisories

includeWithdrawn controls whether withdrawn advisories are included.

It is disabled by default.

GitHub token

githubToken is optional.

Provide a GitHub token when you need higher API rate limits.

The token is marked secret in the input schema.

Example input

{
"maxItems": 20,
"ecosystems": ["npm"],
"severities": ["critical", "high"],
"includeWithdrawn": false
}

Example output

{
"ghsaId": "GHSA-qrv3-253h-g69c",
"cveId": "CVE-2026-0000",
"severity": "high",
"summary": "Example package advisory summary",
"affectedEcosystems": ["npm"],
"affectedPackages": ["example-package"],
"publishedAt": "2026-06-27T12:00:00Z",
"updatedAt": "2026-06-27T12:30:00Z",
"htmlUrl": "https://github.com/advisories/GHSA-qrv3-253h-g69c"
}

Monitoring new high-severity npm advisories

Use this input for a scheduled npm monitoring feed:

{
"maxItems": 20,
"ecosystems": ["npm"],
"severities": ["critical", "high"],
"publishedSince": "2026-01-01"
}

Run it daily or hourly depending on your workflow.

Monitoring one package

Use affectedPackage when you care about a specific dependency.

{
"maxItems": 50,
"affectedPackage": "django",
"severities": ["critical", "high", "medium"]
}

Export formats

Apify datasets can be exported as:

  • JSON
  • CSV
  • Excel
  • XML
  • RSS
  • HTML table

Integrations

Slack or email alerts

Schedule this actor and connect the dataset to an automation that alerts on new critical advisories.

SIEM enrichment

Export GHSA, CVE, CVSS, package, and reference fields into your SIEM pipeline.

Dependency risk dashboards

Load the dataset into BI tools to track vulnerability trends by ecosystem or package.

Vulnerability triage queues

Use severity, affectedPackages, and publishedAt fields to route advisory review.

API usage with Node.js

import { ApifyClient } from 'apify-client';
const client = new ApifyClient({ token: process.env.APIFY_TOKEN });
const run = await client.actor('automation-lab/github-security-advisories-scraper').call({
maxItems: 100,
ecosystems: ['npm'],
severities: ['critical', 'high']
});
console.log(run.defaultDatasetId);

API usage with Python

from apify_client import ApifyClient
client = ApifyClient('MY-APIFY-TOKEN')
run = client.actor('automation-lab/github-security-advisories-scraper').call(run_input={
'maxItems': 100,
'ecosystems': ['pip'],
'severities': ['critical', 'high'],
})
print(run['defaultDatasetId'])

API usage with cURL

curl -X POST 'https://api.apify.com/v2/acts/automation-lab~github-security-advisories-scraper/runs?token=MY-APIFY-TOKEN' \
-H 'Content-Type: application/json' \
-d '{"maxItems":100,"ecosystems":["npm"],"severities":["critical","high"]}'

MCP usage

Use Apify MCP from Claude Desktop or Claude Code with this actor tool enabled.

MCP URL:

https://mcp.apify.com/?tools=automation-lab/github-security-advisories-scraper

Claude Code setup:

$claude mcp add apify-security-advisories https://mcp.apify.com/?tools=automation-lab/github-security-advisories-scraper

Claude Desktop JSON config:

{
"mcpServers": {
"apify-security-advisories": {
"url": "https://mcp.apify.com/?tools=automation-lab/github-security-advisories-scraper"
}
}
}

Example prompts:

  • "Run the GitHub Security Advisories Scraper for critical npm advisories and summarize the latest packages."
  • "Find high severity GHSA records affecting Django and list patched versions."
  • "Export the latest 100 high severity GitHub advisories as a table."

Tips for best results

  • Keep maxItems modest for frequent scheduled runs.
  • Use a GitHub token if you run many security-feed jobs.
  • Filter by ecosystem to reduce noise.
  • Filter by severity for alerting workflows.
  • Use date filters to create rolling monitoring windows.
  • Store the last run timestamp in your own workflow if you need incremental alerts.

Rate limits

Unauthenticated GitHub API calls have lower rate limits.

Authenticated calls have higher rate limits.

If GitHub returns a rate-limit error, add a token or retry after the reset time shown in the actor log.

Data freshness

The actor reads directly from GitHub during each run.

Freshness depends on GitHub's public advisory API.

Scheduled runs are recommended for monitoring workflows.

Limitations

The actor does not scan your private repositories.

The actor does not determine whether your application is exploitable.

It extracts public advisory records and affected package metadata.

Legality

This actor uses GitHub's public API for publicly available security advisory data.

Review GitHub's API terms and your organization's data policy before automated use.

Use optional tokens responsibly and do not exceed API limits.

FAQ

Is this a GitHub CVE scraper?

Yes. It extracts public GitHub Security Advisories and includes CVE identifiers when GitHub provides them.

Can I run it on a schedule?

Yes. The actor is designed for scheduled DevSecOps monitoring and recurring advisory exports.

Troubleshooting

Why did I get a rate-limit error?

GitHub may limit unauthenticated API calls.

Add githubToken or retry after the reset time in the log.

Why are there no results?

Your filters may be too narrow.

Try removing date filters, severity filters, or package filters.

Why is cveId empty?

Some GitHub advisories do not have a CVE identifier.

Use ghsaId as the stable GitHub advisory identifier.

Explore other automation-lab actors for security, developer, and monitoring workflows:

Support

If you need a field that is available in GitHub's advisory API but missing from the dataset, open an Apify issue with a sample advisory URL.

Changelog

0.1

Initial version with official GitHub advisory API extraction, filters, normalized affected package fields, and optional GitHub token support.