GitHub Security Advisories Scraper
Pricing
Pay per event
GitHub Security Advisories Scraper
Monitor GHSA and CVE advisories from GitHub’s official API with ecosystem, severity, package, and date filters for DevSecOps feeds.
Pricing
Pay per event
Rating
0.0
(0)
Developer
Stas Persiianenko
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
7 days ago
Last modified
Categories
Share
Extract GHSA and CVE vulnerability advisories from GitHub's official Security Advisories API.
Use this Apify Actor to build scheduled security feeds, export affected package metadata, monitor high and critical advisories, and send clean data into SIEM, vulnerability-management, or dependency-risk workflows.
What does GitHub Security Advisories Scraper do?
GitHub Security Advisories Scraper collects public Global Security Advisories from GitHub.
It calls the official api.github.com/advisories endpoint.
It saves one dataset item per advisory.
Each item includes identifiers, severity, timestamps, links, CVSS data, CWE values, references, and affected packages.
The actor is HTTP/API-only and does not use a browser.
Who is it for?
DevSecOps teams
Track new GitHub Security Advisories for ecosystems your organization uses.
Security analysts
Export GHSA and CVE data into spreadsheets, dashboards, and alerting tools.
Dependency-management vendors
Build a scheduled vulnerability feed with normalized affected package fields.
Open-source maintainers
Monitor vulnerabilities affecting your packages, language ecosystem, or dependency graph.
Data teams
Collect advisory records from a stable public API without writing pagination and schema code.
Why use this actor?
- ✅ Uses GitHub's official public REST API
- ✅ No login required for normal public runs
- ✅ Optional GitHub token for higher API rate limits
- ✅ Filters by ecosystem, severity, package, CVE, GHSA, and dates
- ✅ Normalizes nested vulnerability package/version data
- ✅ Works well as a scheduled monitoring job
- ✅ Outputs structured JSON ready for exports and integrations
What data can you extract?
| Field | Description |
|---|---|
ghsaId | GitHub Security Advisory identifier |
cveId | CVE identifier when available |
summary | Advisory summary |
description | Full advisory text from GitHub |
severity | GitHub severity value |
cvss | CVSS vector and score when available |
cwes | CWE identifiers |
identifiers | GHSA/CVE identifier list |
publishedAt | Published timestamp |
updatedAt | Updated timestamp |
withdrawnAt | Withdrawn timestamp when applicable |
htmlUrl | Human-readable GitHub advisory URL |
references | Reference links |
vulnerabilities | Affected packages, version ranges, patches, functions |
affectedEcosystems | Deduplicated ecosystems |
affectedPackages | Deduplicated package names |
scrapedAt | Actor extraction timestamp |
How much does it cost to scrape GitHub Security Advisories?
This actor uses pay-per-event pricing.
There is a small run-start event.
There is a per-advisory event for each dataset item saved.
The formula-derived BRONZE per-advisory price is about $0.000028567, with lower prices on higher Apify tiers.
Because the actor uses the official API and no proxy, typical run costs are low.
Use maxItems to control the size of scheduled runs.
Quick start
- Open the actor on Apify.
- Set
maxItemsto the number of advisories you need. - Optionally choose ecosystems such as
npm,pip,maven, orgo. - Optionally choose severities such as
criticalandhigh. - Click Start.
- Export the dataset as JSON, CSV, Excel, XML, RSS, or HTML.
Input options
Maximum advisories
maxItems limits the number of advisory records saved.
The default is 20.
Ecosystems
Use ecosystems to filter affected package ecosystems.
Examples:
npmpipmavenrubygemsgocomposernugetrustactions
Severities
Use severities to keep selected severity levels.
Supported values:
lowmediumhighcritical
Affected package
Use affectedPackage to search advisories affecting a package name.
Examples:
reactdjangospring-frameworklodash
CVE ID
Use cveId for exact CVE lookups.
Example: CVE-2024-12345.
GHSA ID
Use ghsaId for exact GitHub Security Advisory lookups.
Example: GHSA-xxxx-yyyy-zzzz.
Date filters
Use publishedSince, publishedUntil, updatedSince, and updatedUntil for monitoring windows.
These filters accept ISO date strings.
Examples:
2026-01-012026-06-01T00:00:00Z
Include withdrawn advisories
includeWithdrawn controls whether withdrawn advisories are included.
It is disabled by default.
GitHub token
githubToken is optional.
Provide a GitHub token when you need higher API rate limits.
The token is marked secret in the input schema.
Example input
{"maxItems": 20,"ecosystems": ["npm"],"severities": ["critical", "high"],"includeWithdrawn": false}
Example output
{"ghsaId": "GHSA-qrv3-253h-g69c","cveId": "CVE-2026-0000","severity": "high","summary": "Example package advisory summary","affectedEcosystems": ["npm"],"affectedPackages": ["example-package"],"publishedAt": "2026-06-27T12:00:00Z","updatedAt": "2026-06-27T12:30:00Z","htmlUrl": "https://github.com/advisories/GHSA-qrv3-253h-g69c"}
Monitoring new high-severity npm advisories
Use this input for a scheduled npm monitoring feed:
{"maxItems": 20,"ecosystems": ["npm"],"severities": ["critical", "high"],"publishedSince": "2026-01-01"}
Run it daily or hourly depending on your workflow.
Monitoring one package
Use affectedPackage when you care about a specific dependency.
{"maxItems": 50,"affectedPackage": "django","severities": ["critical", "high", "medium"]}
Export formats
Apify datasets can be exported as:
- JSON
- CSV
- Excel
- XML
- RSS
- HTML table
Integrations
Slack or email alerts
Schedule this actor and connect the dataset to an automation that alerts on new critical advisories.
SIEM enrichment
Export GHSA, CVE, CVSS, package, and reference fields into your SIEM pipeline.
Dependency risk dashboards
Load the dataset into BI tools to track vulnerability trends by ecosystem or package.
Vulnerability triage queues
Use severity, affectedPackages, and publishedAt fields to route advisory review.
API usage with Node.js
import { ApifyClient } from 'apify-client';const client = new ApifyClient({ token: process.env.APIFY_TOKEN });const run = await client.actor('automation-lab/github-security-advisories-scraper').call({maxItems: 100,ecosystems: ['npm'],severities: ['critical', 'high']});console.log(run.defaultDatasetId);
API usage with Python
from apify_client import ApifyClientclient = ApifyClient('MY-APIFY-TOKEN')run = client.actor('automation-lab/github-security-advisories-scraper').call(run_input={'maxItems': 100,'ecosystems': ['pip'],'severities': ['critical', 'high'],})print(run['defaultDatasetId'])
API usage with cURL
curl -X POST 'https://api.apify.com/v2/acts/automation-lab~github-security-advisories-scraper/runs?token=MY-APIFY-TOKEN' \-H 'Content-Type: application/json' \-d '{"maxItems":100,"ecosystems":["npm"],"severities":["critical","high"]}'
MCP usage
Use Apify MCP from Claude Desktop or Claude Code with this actor tool enabled.
MCP URL:
https://mcp.apify.com/?tools=automation-lab/github-security-advisories-scraper
Claude Code setup:
$claude mcp add apify-security-advisories https://mcp.apify.com/?tools=automation-lab/github-security-advisories-scraper
Claude Desktop JSON config:
{"mcpServers": {"apify-security-advisories": {"url": "https://mcp.apify.com/?tools=automation-lab/github-security-advisories-scraper"}}}
Example prompts:
- "Run the GitHub Security Advisories Scraper for critical npm advisories and summarize the latest packages."
- "Find high severity GHSA records affecting Django and list patched versions."
- "Export the latest 100 high severity GitHub advisories as a table."
Tips for best results
- Keep
maxItemsmodest for frequent scheduled runs. - Use a GitHub token if you run many security-feed jobs.
- Filter by ecosystem to reduce noise.
- Filter by severity for alerting workflows.
- Use date filters to create rolling monitoring windows.
- Store the last run timestamp in your own workflow if you need incremental alerts.
Rate limits
Unauthenticated GitHub API calls have lower rate limits.
Authenticated calls have higher rate limits.
If GitHub returns a rate-limit error, add a token or retry after the reset time shown in the actor log.
Data freshness
The actor reads directly from GitHub during each run.
Freshness depends on GitHub's public advisory API.
Scheduled runs are recommended for monitoring workflows.
Limitations
The actor does not scan your private repositories.
The actor does not determine whether your application is exploitable.
It extracts public advisory records and affected package metadata.
Legality
This actor uses GitHub's public API for publicly available security advisory data.
Review GitHub's API terms and your organization's data policy before automated use.
Use optional tokens responsibly and do not exceed API limits.
FAQ
Is this a GitHub CVE scraper?
Yes. It extracts public GitHub Security Advisories and includes CVE identifiers when GitHub provides them.
Can I run it on a schedule?
Yes. The actor is designed for scheduled DevSecOps monitoring and recurring advisory exports.
Troubleshooting
Why did I get a rate-limit error?
GitHub may limit unauthenticated API calls.
Add githubToken or retry after the reset time in the log.
Why are there no results?
Your filters may be too narrow.
Try removing date filters, severity filters, or package filters.
Why is cveId empty?
Some GitHub advisories do not have a CVE identifier.
Use ghsaId as the stable GitHub advisory identifier.
Related scrapers
Explore other automation-lab actors for security, developer, and monitoring workflows:
- https://apify.com/automation-lab/http-status-code-checker
- https://apify.com/automation-lab/bulk-url-status-checker
- https://apify.com/automation-lab/website-contact-finder
Support
If you need a field that is available in GitHub's advisory API but missing from the dataset, open an Apify issue with a sample advisory URL.
Changelog
0.1
Initial version with official GitHub advisory API extraction, filters, normalized affected package fields, and optional GitHub token support.