GitHub Security Advisories Scraper — GHSA & CVE Feed avatar

GitHub Security Advisories Scraper — GHSA & CVE Feed

Pricing

from $3.00 / 1,000 results

Go to Apify Store
GitHub Security Advisories Scraper — GHSA & CVE Feed

GitHub Security Advisories Scraper — GHSA & CVE Feed

Extract GitHub Security Advisories (GHSA) with CVE IDs, CVSS scores, CWE classifications, affected packages, and patched version ranges. Filter by severity, ecosystem, or CVE ID. Fresh vulnerability intelligence for security and DevSecOps teams.

Pricing

from $3.00 / 1,000 results

Rating

0.0

(0)

Developer

Compute Edge

Compute Edge

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

5 days ago

Last modified

Categories

Share

GitHub Security Advisories Scraper — CVE & Vulnerability Feed

Pull software vulnerability advisories directly from the GitHub Advisory Database — one of the most authoritative open-source vulnerability feeds, covering 13+ package ecosystems (npm, pip, Maven, NuGet, Go, RubyGems, crates.io, etc.) and cross-referencing CVE, CWE, and CVSS metadata.

What this Actor does

This Actor wraps GitHub's public /advisories API and outputs clean structured records of software vulnerabilities, including affected version ranges, fixed versions, severity, CVSS scores, and reference URLs.

Use cases:

  • DevSecOps: Feed an internal vulnerability dashboard or SBOM scanner without standing up your own ingestion pipeline.
  • Security research: Pull advisories filtered by CVE, CWE, or ecosystem for threat intel reports.
  • Open-source maintainers: Monitor advisories that touch your dependency tree.
  • Insurance/audit: Build evidence packs of disclosed vulnerabilities in third-party software.
  • AI / LLM grounding: Ingest curated, structured CVE data into a RAG pipeline for security copilots.

How to scrape GitHub Security Advisories

  1. (Optional) Set Severity to critical, high, medium, or low.
  2. (Optional) Set Ecosystem to focus on one package manager (npm, pip, maven, etc.).
  3. (Optional) Provide a CVE ID to pull a single advisory.
  4. (Optional) Set Published After (YYYY-MM-DD) to incrementally pull new entries.
  5. Set Max Results (default 200).
  6. Run.

Output fields

FieldDescription
ghsaIdGitHub Security Advisory ID (e.g. GHSA-xxxx-xxxx-xxxx)
cveIdCross-referenced CVE identifier
summaryShort title
descriptionFull markdown description
severitylow / medium / high / critical
cvssScoreCVSS v3 base score (0–10)
cvssVectorFull CVSS vector string
cweIdsCommon Weakness Enumeration IDs
ecosystemsList of affected package ecosystems
affectedPackagesArray of {ecosystem, name, vulnerableVersionRange, firstPatchedVersion}
referencesExternal references (vendor advisories, commits, blog posts)
identifiersCross-identifiers (CVE, GHSA, etc.)
publishedAt / updatedAt / withdrawnAtTimestamps
typereviewed / unreviewed / malware
sourceCodeLocationRepo URL when available
htmlUrlPublic advisory page

Pricing

Pay-per-result. The unauthenticated GitHub API allows 60 requests/hour (100 advisories per request), so a single run cleanly returns up to ~6,000 results. For larger pulls, run incrementally with publishedAfter.

Example input

{
"severity": "critical",
"ecosystem": "npm",
"publishedAfter": "2025-01-01",
"maxResults": 500
}

Example output (single record)

{
"ghsaId": "GHSA-248r-7h7q-cr24",
"cveId": "CVE-2026-45411",
"severity": "critical",
"cvssScore": 9.8,
"ecosystems": ["npm"],
"affectedPackages": [
{"ecosystem":"npm","name":"vm2","vulnerableVersionRange":"<= 3.9.19","firstPatchedVersion":""}
],
"publishedAt": "2026-04-12T18:00:00Z",
"htmlUrl": "https://github.com/advisories/GHSA-248r-7h7q-cr24"
}

FAQ

Q: Is this the same as the NVD CVE feed? No — GitHub's advisory database is curated, often published before NVD assigns a score, and is the canonical feed for advisories filed against GitHub-hosted projects. Use it together with NIST NVD for the fullest picture.

Q: What about malware advisories? Set type=malware to pull supply-chain malware advisories (e.g., malicious npm packages).

Q: Why not just use the GraphQL API? GraphQL requires authentication. This Actor uses the REST endpoint so it works out of the box.

Q: Are withdrawn advisories included? Yes — check the withdrawnAt field. Withdrawn entries usually indicate the report was a false positive.

This Actor accesses the public GitHub Advisory Database REST API per GitHub's REST API terms. Output data is provided under GitHub's terms of service — attribute GitHub as the source when reusing the data. Not affiliated with or endorsed by GitHub, Inc.