# GitHub Security Advisories Scraper (`parseforge/github-security-advisories-scraper`) Actor

Scrape the GitHub Global Security Advisories database. Filter by type (reviewed/unreviewed/malware), severity, affected package, CVE/GHSA ID, or publish date. Returns CVSS, CWE, affected version ranges, patched versions, references, and credits.

- **URL**: https://apify.com/parseforge/github-security-advisories-scraper.md
- **Developed by:** [ParseForge](https://apify.com/parseforge) (community)
- **Categories:** Developer tools, Business, Automation
- **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded
- **User rating**: No ratings yet

## Pricing

from $23.63 / 1,000 results

This Actor is paid per event. You are not charged for Apify platform usage; you pay only a fixed price for specific events.
Because this Actor supports Apify Store discounts, the price drops as your subscription plan tier rises.

Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event

## What's an Apify Actor?

Actors are software tools running on the Apify platform, for all kinds of web data extraction and automation use cases.
In Batch mode, an Actor accepts a well-defined JSON input, performs an action that can take anything from a few seconds to a few hours,
and optionally produces a well-defined JSON output, datasets with results, or files in a key-value store.
In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server.
Actors are written with capital "A".

## How to integrate an Actor?

If asked about integration, you help developers integrate Actors into their projects.
You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready.
The best way to integrate Actors is as follows.

In JavaScript/TypeScript projects, use the official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md):

```bash
npm install apify-client
```

In Python projects, use the official [Python client library](https://docs.apify.com/api/client/python.md):

```bash
pip install apify-client
```

In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md):

```bash
# macOS / Linux
curl -fsSL https://apify.com/install-cli.sh | bash
# Windows (PowerShell)
irm https://apify.com/install-cli.ps1 | iex
```

In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md).

If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md).

For usage examples, see the [API](#api) section below.

For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt).


# README


## 🐙 GitHub Security Advisories Scraper

> 🚀 **Export the GitHub Security Advisories catalogue in seconds.** Pull GHSA + CVE-paired advisories with CVSS v4 and v3 scores, affected packages, vulnerable version ranges, first-patched versions, and CWE weakness mappings across 13 ecosystems. No sign-up, no token, no manual pagination.

> 🕒 **Last updated:** 2026-05-15 · **📊 26 fields** per record · **🐙 25,000+ advisories** · **🌐 13 ecosystems** · **🎯 CVSS v4 + v3 scoring**

The **GitHub Security Advisories Scraper** pulls advisories from the GitHub Security Advisory database and returns **26 normalised fields per record**, including the GHSA identifier, paired CVE, summary and full description, CVSS v4 and v3 base scores plus vector strings, every affected package and its vulnerable version range, the first patched version, CWE weakness list, references, credits, and review status. The catalogue is the primary source for npm, pip, RubyGems, Maven, NuGet, Composer, Go, Cargo, Hex, Pub, Swift, GitHub Actions, and other-ecosystem advisories used by Dependabot, GitHub Code Scanning, and the GHSA database itself.

The catalogue covers **25,000+ reviewed and community advisories** spanning every major package ecosystem GitHub tracks, plus malware advisories that flag malicious packages discovered in the wild. This Actor makes that data downloadable as CSV, Excel, JSON, or XML in minutes. Filters apply at the source, so you skip pagination, severity normalisation, and patched-version extraction entirely.

| 🎯 Target Audience | 💡 Primary Use Cases |
|---|---|
| Security teams, vulnerability managers, package maintainers, SBOM tool builders, dependency-scanner vendors, incident responders, threat researchers | Dependabot enrichment, SBOM scanning, package risk reports, malware-package detection, CVE-to-GHSA cross-walks, ecosystem trend analysis |

---

### 📋 What the GitHub Security Advisories Scraper does

Multiple workflows in a single Actor:

- 🆔 **Single GHSA lookup.** Fetch one advisory by its identifier (e.g. `GHSA-jfh8-c2jp-5v3q`).
- 📦 **Batch GHSA lookup.** Pass an array of GHSA IDs and get every match in one run.
- 🔎 **CVE-paired lookup.** Find the GHSA that wraps a given CVE.
- 🎚️ **Severity, type, and ecosystem filters.** Restrict to Critical / High / Medium / Low, reviewed / unreviewed / malware, or any of 13 ecosystems.
- 📦 **Affects filter.** Find every advisory that affects a specific package or `package@version`.
- 🧬 **CWE filter.** Slice by weakness numbers (e.g. `79,89,787`).
- 📅 **Published / updated / modified-after windows.** Pull recent advisories or full date-range crawls for incremental syncs.
- 🚫 **Withdrawn-only filter.** Surface advisories the GitHub team has marked as withdrawn.

Each record includes the GHSA and CVE IDs, identifiers list, summary and full description, advisory type, severity tier, source code location, references, publication and review timestamps, every affected package with vulnerable range, the first patched version, CVSS v4 and v3 scores, CWEs, and credits.

> 💡 **Why it matters:** GitHub Security Advisories are the upstream source for Dependabot and most modern dependency scanners. Building your own ingestion means handling pagination, the new `cvss_severities` shape with v3 + v4, multi-package affect ranges, and the GHSA-to-CVE alias model. This Actor skips all of that and gives you a clean, downloadable dataset.

---


### ⚙️ Input

<table>
<thead>
<tr><th>Input</th><th>Type</th><th>Default</th><th>Behavior</th></tr>
</thead>
<tbody>
<tr><td><code>ghsaId</code></td><td>string</td><td><code>""</code></td><td>Single GHSA ID (e.g. <code>GHSA-jfh8-c2jp-5v3q</code>).</td></tr>
<tr><td><code>ghsaIds</code></td><td>string[]</td><td><code>[]</code></td><td>Batch list of GHSA IDs (recommended max ~100 per run).</td></tr>
<tr><td><code>cveId</code></td><td>string</td><td><code>""</code></td><td>Filter to advisories with this CVE ID.</td></tr>
<tr><td><code>type</code></td><td>enum</td><td><code>""</code></td><td>One of <code>reviewed</code>, <code>unreviewed</code>, <code>malware</code>.</td></tr>
<tr><td><code>severity</code></td><td>enum</td><td><code>""</code></td><td>One of <code>critical</code>, <code>high</code>, <code>medium</code>, <code>low</code>, <code>unknown</code>.</td></tr>
<tr><td><code>ecosystem</code></td><td>enum</td><td><code>""</code></td><td>One of 13 ecosystems including npm, pip, maven, rubygems, nuget, composer, go, rust, swift, pub, erlang, actions, other.</td></tr>
<tr><td><code>affects</code></td><td>string</td><td><code>""</code></td><td>Comma-separated packages (e.g. <code>lodash,axios@1.0.0</code>).</td></tr>
<tr><td><code>cwes</code></td><td>string</td><td><code>""</code></td><td>Comma-separated CWE numbers (e.g. <code>79,89,787</code>).</td></tr>
<tr><td><code>published</code>, <code>updated</code>, <code>modifiedAfter</code></td><td>string</td><td><code>""</code></td><td>ISO date or range like <code>2024-01-01..2024-12-31</code>.</td></tr>
<tr><td><code>isWithdrawn</code></td><td>boolean</td><td><code>false</code></td><td>Restrict to withdrawn advisories.</td></tr>
<tr><td><code>maxItems</code></td><td>integer</td><td><code>10</code></td><td>Records to return. Free plan caps at 10, paid plan at 1,000,000.</td></tr>
</tbody>
</table>

**Example: every Critical npm advisory published in 2025.**

```json
{
    "type": "reviewed",
    "severity": "critical",
    "ecosystem": "npm",
    "published": "2025-01-01..2025-12-31",
    "maxItems": 500
}
```

**Example: batch GHSA lookup.**

```json
{
    "ghsaIds": ["GHSA-jfh8-c2jp-5v3q", "GHSA-7rjr-3q55-vv33", "GHSA-8489-44mv-ggj8"]
}
```

> ⚠️ **Good to Know:** the GHSA database aliases CVEs, so the same vulnerability can appear under both a `GHSA-xxxx-xxxx-xxxx` ID and a `CVE-xxxx-xxxxx` ID. When mapping advisories back to your asset inventory, use the `cve_id` field to deduplicate against NVD-sourced data.

***

### 📊 Output

Each record contains **26 fields**. Download the dataset as CSV, Excel, JSON, or XML.

#### 🧾 Schema

| Field | Type | Example |
|---|---|---|
| 🆔 `ghsa_id` | string | `"GHSA-jfh8-c2jp-5v3q"` |
| 🔗 `cve_id` | string \| null | `"CVE-2021-44228"` |
| 🔗 `url` | string | `"https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"` |
| 🔗 `html_url` | string \| null | `"https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"` |
| 📝 `summary` | string \| null | `"Remote code injection in Log4j"` |
| 📄 `description` | string \| null | `"Apache Log4j2 versions 2.0-beta9..."` |
| 🏷️ `type` | string \| null | `"reviewed"` |
| 🎚️ `severity` | string \| null | `"critical"` |
| 📂 `source_code_location` | string \| null | `"https://github.com/apache/logging-log4j2"` |
| 🪪 `identifiers` | object\[] | `[{ "type": "GHSA", "value": "GHSA-jfh8-c2jp-5v3q" }, { "type": "CVE", "value": "CVE-2021-44228" }]` |
| 📚 `references` | string\[] | `["https://nvd.nist.gov/vuln/detail/CVE-2021-44228", "..."]` |
| 📅 `published_at` | ISO 8601 \| null | `"2021-12-10T00:00:35Z"` |
| 🕒 `updated_at` | ISO 8601 \| null | `"2025-01-14T08:36:01Z"` |
| 👀 `github_reviewed_at` | ISO 8601 \| null | `"2021-12-10T00:00:00Z"` |
| 🛡️ `nvd_published_at` | ISO 8601 \| null | `"2021-12-10T10:15:09Z"` |
| 🚫 `withdrawn_at` | ISO 8601 \| null | `null` |
| 📦 `vulnerabilities` | object\[] | `[{ "package": { "ecosystem": "maven", "name": "org.apache.logging.log4j:log4j-core" }, "vulnerable_version_range": ">= 2.0-beta9, < 2.3.2", "first_patched_version": "2.3.2" }]` |
| 🛠️ `firstPatchedVersion` | string \| null | `"2.3.2"` |
| 🎯 `cvssScore` | number \| null | `10.0` |
| 🎯 `cvssVectorString` | string \| null | `"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"` |
| 🎯 `cvssV3Score` | number \| null | `10.0` |
| 🎯 `cvssV3VectorString` | string \| null | `"CVSS:3.1/AV:N/..."` |
| 🎯 `cvssV4Score` | number \| null | `10.0` |
| 🎯 `cvssV4VectorString` | string \| null | `"CVSS:4.0/AV:N/..."` |
| 📂 `repository_advisory_url` | string \| null | `"https://github.com/apache/logging-log4j2/security/advisories/..."` |
| 🧬 `cwes` | object\[] | `[{ "cwe_id": "CWE-20", "name": "Improper Input Validation" }]` |
| 🙌 `credits` | object\[] | `[{ "user": { "login": "..." }, "type": "reporter" }]` |
| 🕒 `scrapedAt` | ISO 8601 | `"2026-05-15T00:00:00.000Z"` |

#### 📦 Sample record

<details>
<summary><strong>🔥 Log4Shell on Maven (GHSA-jfh8-c2jp-5v3q)</strong></summary>

```json
{
    "ghsa_id": "GHSA-jfh8-c2jp-5v3q",
    "cve_id": "CVE-2021-44228",
    "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
    "html_url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
    "summary": "Remote code injection in Log4j",
    "type": "reviewed",
    "severity": "critical",
    "source_code_location": "https://github.com/apache/logging-log4j2",
    "identifiers": [
        { "type": "GHSA", "value": "GHSA-jfh8-c2jp-5v3q" },
        { "type": "CVE", "value": "CVE-2021-44228" }
    ],
    "published_at": "2021-12-10T00:00:35Z",
    "updated_at": "2025-01-14T08:36:01Z",
    "github_reviewed_at": "2021-12-10T00:00:00Z",
    "nvd_published_at": "2021-12-10T10:15:09Z",
    "vulnerabilities": [{
        "package": { "ecosystem": "maven", "name": "org.apache.logging.log4j:log4j-core" },
        "vulnerable_version_range": ">= 2.0-beta9, < 2.3.2",
        "first_patched_version": "2.3.2"
    }],
    "firstPatchedVersion": "2.3.2",
    "cvssScore": 10.0,
    "cvssVectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
    "cvssV3Score": 10.0,
    "cvssV3VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
    "cvssV4Score": 10.0,
    "cvssV4VectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H",
    "cwes": [
        { "cwe_id": "CWE-20", "name": "Improper Input Validation" },
        { "cwe_id": "CWE-400", "name": "Uncontrolled Resource Consumption" }
    ],
    "credits": [{ "user": { "login": "chenzhaojun" }, "type": "reporter" }],
    "scrapedAt": "2026-05-15T00:00:00.000Z"
}
```

</details>
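
Downstream use of these records usually means matching `vulnerabilities[].vulnerable_version_range` against what you actually ship, skipping withdrawn advisories, and deduplicating on `cve_id` as the note above recommends. The following is an added example, not code from ParseForge or Apify; the inventory, the placeholder IDs, the version-ordering rules, and the score preference are assumptions made for illustration.

```python
import operator
import re

# Constructed sample data. The first record is this page's Log4Shell sample trimmed
# to the fields used below; the other IDs and packages are placeholders.
LOG4J = {"package": {"ecosystem": "maven", "name": "org.apache.logging.log4j:log4j-core"},
         "vulnerable_version_range": ">= 2.0-beta9, < 2.3.2",
         "first_patched_version": "2.3.2"}
RECORDS = [
    {"ghsa_id": "GHSA-jfh8-c2jp-5v3q", "cve_id": "CVE-2021-44228", "withdrawn_at": None,
     "cvssV4Score": 10.0, "cvssV3Score": 10.0, "cvssScore": 10.0,
     "vulnerabilities": [LOG4J]},
    # Same CVE under a second advisory ID: must not be reported twice.
    {"ghsa_id": "GHSA-PLACEHOLDER-ALIAS", "cve_id": "CVE-2021-44228", "withdrawn_at": None,
     "cvssV4Score": None, "cvssV3Score": 10.0, "cvssScore": 10.0,
     "vulnerabilities": [LOG4J]},
    # Withdrawn advisory: skipped even though the installed version is in range.
    {"ghsa_id": "GHSA-PLACEHOLDER-WITHDRAWN", "cve_id": None,
     "withdrawn_at": "2025-01-01T00:00:00Z", "cvssV3Score": 7.5, "cvssScore": 7.5,
     "vulnerabilities": [{"package": {"ecosystem": "npm", "name": "example-lib"},
                          "vulnerable_version_range": "< 9.9.9",
                          "first_patched_version": "9.9.9"}]},
    # Malware-style advisory: no CVE, no score, no patched version.
    {"ghsa_id": "GHSA-PLACEHOLDER-MALWARE", "cve_id": None, "withdrawn_at": None,
     "cvssV4Score": None, "cvssV3Score": None, "cvssScore": None,
     "vulnerabilities": [{"package": {"ecosystem": "npm", "name": "example-typosquat"},
                          "vulnerable_version_range": ">= 0",
                          "first_patched_version": None}]},
]
INVENTORY = {  # (ecosystem, package name) -> installed version, constructed
    ("maven", "org.apache.logging.log4j:log4j-core"): "2.3.1",
    ("npm", "example-lib"): "1.0.0",
    ("npm", "example-typosquat"): "1.2.0",
}
OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt,
       "=": operator.eq}
CONSTRAINT = re.compile(r"^\s*(>=|<=|>|<|=)\s*(\S+)\s*$")


def version_key(version):
    """Simplified ordering (an assumption, not any ecosystem's full rules):
    dotted numeric release; a '-qualifier' such as beta9 sorts before the release."""
    release, _, qualifier = version.strip().partition("-")
    nums = tuple(int(p) if p.isdigit() else 0 for p in release.split("."))
    nums = (nums + (0,) * 6)[:6]  # pad so 2.0 and 2.0.0 compare equal
    name, number = re.match(r"([A-Za-z]*)[.-]?(\d*)", qualifier).groups()
    return (nums, 0 if qualifier else 1, name.lower(), int(number or 0))


def in_range(version, range_expr):
    """True when version satisfies every comma-separated constraint in range_expr."""
    installed = version_key(version)
    for part in range_expr.split(","):
        match = CONSTRAINT.match(part)
        if match is None:
            raise ValueError(f"unparsed constraint: {part!r}")
        op, bound = match.groups()
        if not OPS[op](installed, version_key(bound)):
            return False
    return True


def best_score(record):
    """Ranking policy assumed here: prefer CVSS v4, then v3, then the unified score."""
    for field in ("cvssV4Score", "cvssV3Score", "cvssScore"):
        if record.get(field) is not None:
            return record[field]
    return None


def find_affected(records, inventory, tracked_cves=frozenset()):
    """Return one finding per (vulnerability, package), highest score first."""
    findings, seen = [], set()
    for rec in records:
        if rec.get("withdrawn_at"):
            continue
        vuln_id = rec.get("cve_id") or rec["ghsa_id"]  # CVE is the dedup key when present
        for vuln in rec.get("vulnerabilities") or []:
            pkg = vuln.get("package") or {}
            key = (pkg.get("ecosystem"), pkg.get("name"))
            if key not in inventory or (vuln_id, key) in seen:
                continue
            try:
                hit = in_range(inventory[key], vuln.get("vulnerable_version_range") or "")
            except ValueError:
                hit = True  # fail closed: an unreadable range goes to manual review
            if hit:
                seen.add((vuln_id, key))
                findings.append({
                    "ghsa_id": rec["ghsa_id"], "cve_id": rec.get("cve_id"),
                    "package": key, "installed": inventory[key],
                    "fix": vuln.get("first_patched_version"),
                    "score": best_score(rec),
                    "tracked_in_nvd": rec.get("cve_id") in tracked_cves,
                })
    return sorted(findings, key=lambda f: -1 if f["score"] is None else f["score"],
                  reverse=True)


if __name__ == "__main__":
    for finding in find_affected(RECORDS, INVENTORY, tracked_cves={"CVE-2021-44228"}):
        print(finding)
```

For production matching, replace `version_key` with the comparison rules of the ecosystem in question, since Maven, npm, and PyPI order pre-release versions differently.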

***

### ✨ Why choose this Actor

| | Capability |
|---|---|
| 🐙 | **Authoritative source.** Pulls directly from the GitHub Security Advisories catalogue, the upstream feed for Dependabot. |
| 🎯 | **CVSS v4 + v3.** Both scoring versions surfaced as separate fields plus a unified top-level score. |
| 📦 | **Patched versions.** First patched version extracted for every advisory. |
| 🦠 | **Malware advisories.** Set <code>type=malware</code> to surface advisories for malicious packages found in the wild. |
| 🌐 | **13 ecosystems.** npm, pip, maven, rubygems, nuget, composer, go, rust, swift, pub, erlang, actions, other. |
| 🔗 | **CVE pairing.** Each advisory carries its `cve_id` for cross-walks with NVD-sourced data. |
| 🚫 | **No sign-up.** Works with public GitHub data. No login or token needed. |

> 📊 GitHub Security Advisories drive Dependabot, GitHub Code Scanning, and most modern dependency scanners. Owning a clean local copy is a multiplier for every supply-chain workflow.

***

### 📈 How it compares to alternatives

| Approach | Cost | Coverage | Refresh | Filters | Setup |
|---|---|---|---|---|---|
| **⭐ GitHub Security Advisories Scraper** *(this Actor)* | $5 free credit, then pay-per-use | **25,000+ advisories** | **Live per run** | severity, type, ecosystem, package, CWE, date | ⚡ 2 min |
| Commercial SCA platforms | $20,000+/year | GHSA + extras | Streaming | Many | ⏳ Days |
| Manual exports | Free | Full | Stale | None | 🐢 Hours |
| Self-built ingestion | Engineering time | Full | Custom | Custom | 🛠️ Weeks |

Pick this Actor when you want a clean GHSA dataset with CVSS v4 already normalised.

***

### 🚀 How to use

1. 📝 **Sign up.** [Create a free account with $5 credit](https://console.apify.com/sign-up?fpr=vmoqkp) (takes 2 minutes).
2. 🌐 **Open the Actor.** Go to the GitHub Security Advisories Scraper page on the Apify Store.
3. 🎯 **Set input.** Pick a severity, ecosystem, package, or GHSA ID, then set `maxItems`.
4. 🚀 **Run it.** Click **Start** and let the Actor collect your data.
5. 📥 **Download.** Grab your results in the **Dataset** tab as CSV, Excel, JSON, or XML.

> ⏱️ Total time from signup to downloaded dataset: **3-5 minutes.** No coding required.

***

### 💼 Business use cases

<table>
<tr>
<td width="50%" valign="top">

#### 🛠️ DevSecOps & SBOM

- Daily SBOM enrichment with patched-version metadata
- CI gate that fails builds when fixes exist for direct dependencies
- Auto-PRs that bump dependencies to the first patched version
- Slack alerts when an ecosystem you ship hits a Critical advisory

</td>
<td width="50%" valign="top">

#### 🦠 Malware & Supply-Chain Defense

- Daily ingestion of `type=malware` advisories for typosquats and back-doors
- Block-lists for internal package proxies
- Incident response for known malicious packages in repos
- Continuous monitoring of internal registry mirrors

</td>
</tr>
<tr>
<td width="50%" valign="top">

#### 🔍 Vulnerability Management

- Cross-walk GHSA to CVE for unified vulnerability views
- Severity-based patch queues for SOC and IT
- Vendor risk reports filtered by ecosystem
- Coverage dashboards comparing GHSA vs NVD vs OSV

</td>
<td width="50%" valign="top">

#### 📊 Security Reporting & Dashboards

- Executive dashboards showing advisory volume per ecosystem
- Customer-facing trust pages with patch SLAs
- M\&A due diligence on target dependency hygiene
- Insurance underwriting models for cyber risk

</td>
</tr>
</table>

***

### 🔌 Automating GitHub Security Advisories Scraper

Control the scraper programmatically for scheduled runs and pipeline integrations:

- 🟢 **Node.js.** Install the `apify-client` NPM package.
- 🐍 **Python.** Use the `apify-client` PyPI package.
- 📚 See the [Apify documentation](https://docs.apify.com/) for full details.

The [Apify Schedules feature](https://docs.apify.com/platform/schedules) lets you trigger this Actor on any cron interval. Hourly, daily, or weekly refreshes keep your downstream SBOM and dependency tooling in sync automatically.

***

### 🌟 Beyond business use cases

Data like this powers more than commercial workflows. The same structured records support research, education, civic projects, and personal initiatives.

<table>
<tr>
<td width="50%">

#### 🎓 Research and academia

- Open source ecosystem vulnerability studies
- Time-to-patch and disclosure-lag research
- Coursework on supply-chain security and SBOM tooling
- Reproducible studies with cited, versioned dataset pulls

</td>
<td width="50%">

#### 🎨 Personal and creative

- Hobbyist dependency dashboards for your own projects
- Newsletter research on the latest GHSAs
- Portfolio projects that show off security data engineering
- Personal alerting bots for libraries you maintain

</td>
</tr>
<tr>
<td width="50%">

#### 🤝 Non-profit and civic

- Open-source maintainers monitoring their package risk
- Civic-tech projects mapping advisory coverage by ecosystem
- Educational outreach for open-source security literacy
- Community advocacy around responsible disclosure

</td>
<td width="50%">

#### 🧪 Experimentation

- Train ML models on advisory text and severity
- Prototype agent pipelines that summarise GHSAs
- Test SBOM diff tooling against historical waves
- Build dashboards on top of live ecosystem feeds

</td>
</tr>
</table>

***


### ❓ Frequently Asked Questions

#### 🧩 How does it work?

Configure your filters in the input form, click Start, and the Actor pulls matching advisories from the GitHub Security Advisories catalogue, normalises the schema (including the new CVSS v4 fields), and emits one clean record per advisory.

#### 📏 How accurate is the data?

Records are mirror-copies of the official GHSA catalogue at run time. Severity, affected ranges, patched versions, references, and credits are taken verbatim from the source.

#### 🔁 How often is the dataset refreshed?

GitHub publishes new advisories continuously as the security team curates submissions and as malware advisories are filed. Every run reflects the catalogue as of run time.

#### 🎯 Which CVSS versions are included?

The Actor surfaces CVSS v4.0 and v3.x base scores and vector strings whenever the source provides them. Older advisories may carry only v3; newer ones have v4 as well. A unified top-level `cvssScore` is also exposed.

#### 🌐 Which ecosystems are supported?

npm, pip, maven, rubygems, nuget, composer, go, rust (cargo), swift, pub (Dart), erlang/elixir, GitHub Actions, and `other`. Leave the field empty for cross-ecosystem search.

#### 🦠 What is a malware advisory?

GitHub publishes `type=malware` advisories for packages confirmed to be malicious (typosquats, back-doors, credential stealers). They are first-class citizens in the catalogue and crucial for supply-chain defense.

#### 🧬 What is a CWE?

CWE (Common Weakness Enumeration) is the standard taxonomy of software weaknesses. Each advisory is mapped to one or more CWE IDs that classify the underlying flaw type.

#### ⏰ Can I schedule regular runs?

Yes. Use Apify Schedules to run this Actor on any cron interval. A common pattern is an hourly schedule that pulls every new advisory and pushes them into an SBOM tool or Slack channel.

#### ⚖️ Is this data legal to use?

GitHub Security Advisories are published under permissive open licensing. You should review the source license for your specific application, but raw advisory metadata is generally public.

#### 💳 Do I need a paid Apify plan to use this Actor?

No. The free Apify plan is enough for testing and small runs (10 records per run). A paid plan lifts the limit and gives you scheduling, higher concurrency, and larger datasets.

#### 🆘 What if I need help?

Our support team is here to help. Contact us through the Apify platform or use the Tally form linked below.

***

### 🔌 Integrate with any app

GitHub Security Advisories Scraper connects to any cloud service via [Apify integrations](https://apify.com/integrations):

- [**Make**](https://docs.apify.com/platform/integrations/make) - Automate multi-step workflows
- [**Zapier**](https://docs.apify.com/platform/integrations/zapier) - Connect with 5,000+ apps
- [**Slack**](https://docs.apify.com/platform/integrations/slack) - Get advisory alerts in your security channels
- [**Airbyte**](https://docs.apify.com/platform/integrations/airbyte) - Pipe GHSA data into your warehouse
- [**GitHub**](https://docs.apify.com/platform/integrations/github) - Trigger runs from commits and releases
- [**Google Drive**](https://docs.apify.com/platform/integrations/drive) - Export datasets straight to Sheets

You can also use webhooks to trigger downstream actions when a run finishes. Push fresh advisory data into your SBOM tooling, or alert your team in Slack when a Critical hits a tracked package.

***

### 🔗 Recommended Actors

- [**🛡️ NIST NVD CVE Scraper**](https://apify.com/parseforge/nist-nvd-cve-scraper) - Official NVD catalogue with CVSS v4/v3/v2 scores
- [**🚨 CISA KEV Scraper**](https://apify.com/parseforge/cisa-kev-scraper) - Known Exploited Vulnerabilities catalogue with due dates
- [**📈 EPSS Exploit Prediction Scraper**](https://apify.com/parseforge/epss-exploit-prediction-scraper) - 30-day exploitation probability scores
- [**📦 OSV Vulnerabilities Scraper**](https://apify.com/parseforge/osv-vulnerabilities-scraper) - Open source vulnerabilities across 30+ ecosystems
- [**🔬 CIRCL CVE Scraper**](https://apify.com/parseforge/circl-cve-scraper) - CIRCL Luxembourg CVE catalogue with CWE and CAPEC

> 💡 **Pro Tip:** browse the complete [ParseForge collection](https://apify.com/parseforge) for more security and reference-data scrapers.

***

**🆘 Need Help?** [**Open our contact form**](https://tally.so/r/BzdKgA) to request a new scraper, propose a custom data project, or report an issue.

***

> **⚠️ Disclaimer:** this Actor is an independent tool and is not affiliated with, endorsed by, or sponsored by GitHub, Microsoft, or any of the package maintainers referenced in the catalogue. All trademarks mentioned are the property of their respective owners. Only publicly available security advisory data is collected.

# Actor input Schema

## `ghsaId` (type: `string`):

Fetch a specific advisory by GHSA ID (e.g. GHSA-652x-xj99-gmcc).

## `ghsaIds` (type: `array`):

Array of GHSA IDs to fetch in one run (e.g. \["GHSA-652x-xj99-gmcc", "GHSA-jfh8-c2jp-5v3q"]). Takes precedence over single ghsaId. Recommended max ~100 per call.

## `cveId` (type: `string`):

Filter to advisories with this CVE ID (e.g. CVE-2021-44228).

## `type` (type: `string`):

GitHub-reviewed advisories, community/unreviewed, or malware advisories.

## `severity` (type: `string`):

Filter by CVSS severity tier.

## `ecosystem` (type: `string`):

Filter by package ecosystem.

## `affects` (type: `string`):

Comma-separated list of packages (e.g. 'package1,package2@1.0.0') to filter advisories that affect them.

## `cwes` (type: `string`):

Comma-separated CWE numbers (e.g. '79,89,787').

## `cwesFilter` (type: `string`):

Alias for the cwes field. Comma-separated CWE numbers (e.g. '79,89,787').

## `published` (type: `string`):

Filter by publish date. Use ISO 8601 or a range like '2023-01-01..2023-12-31'.

## `updated` (type: `string`):

Filter by last-updated date.

## `modifiedAfter` (type: `string`):

Single date (YYYY-MM-DD) — translated to '>=date'. Pass a range like '2024-01-01..2024-12-31' to use as-is. Filters by the advisory's last-modified date.

## `isWithdrawn` (type: `boolean`):

When true, only withdrawn advisories are returned.

## `maxItems` (type: `integer`):

Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000

## Actor input object example

```json
{
  "ghsaId": "",
  "ghsaIds": [],
  "cveId": "",
  "type": "",
  "severity": "",
  "ecosystem": "",
  "affects": "",
  "cwes": "",
  "cwesFilter": "",
  "published": "",
  "updated": "",
  "modifiedAfter": "",
  "isWithdrawn": false,
  "maxItems": 10
}
```

# Actor output Schema

## `overview` (type: `string`):

Overview of scraped data

## `fullData` (type: `string`):

Complete dataset

# API

You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup.

## JavaScript example

```javascript
import { ApifyClient } from 'apify-client';

// Initialize the ApifyClient with your Apify API token
// Replace the '<YOUR_API_TOKEN>' with your token
const client = new ApifyClient({
    token: '<YOUR_API_TOKEN>',
});

// Prepare Actor input
const input = {
    "ghsaId": "",
    "cveId": "",
    "type": "",
    "severity": "",
    "ecosystem": "",
    "affects": "",
    "cwes": "",
    "cwesFilter": "",
    "published": "",
    "updated": "",
    "modifiedAfter": "",
    "maxItems": 10
};

// Run the Actor and wait for it to finish
const run = await client.actor("parseforge/github-security-advisories-scraper").call(input);

// Fetch and print Actor results from the run's dataset (if any)
console.log('Results from dataset');
console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`);
const { items } = await client.dataset(run.defaultDatasetId).listItems();
items.forEach((item) => {
    console.dir(item);
});

// 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs

```

## Python example

```python
from apify_client import ApifyClient

# Initialize the ApifyClient with your Apify API token
# Replace '<YOUR_API_TOKEN>' with your token.
client = ApifyClient("<YOUR_API_TOKEN>")

# Prepare the Actor input
run_input = {
    "ghsaId": "",
    "cveId": "",
    "type": "",
    "severity": "",
    "ecosystem": "",
    "affects": "",
    "cwes": "",
    "cwesFilter": "",
    "published": "",
    "updated": "",
    "modifiedAfter": "",
    "maxItems": 10,
}

# Run the Actor and wait for it to finish
run = client.actor("parseforge/github-security-advisories-scraper").call(run_input=run_input)

# Fetch and print Actor results from the run's dataset (if there are any)
print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"])
for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

# 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start

```

## CLI example

```bash
echo '{
  "ghsaId": "",
  "cveId": "",
  "type": "",
  "severity": "",
  "ecosystem": "",
  "affects": "",
  "cwes": "",
  "cwesFilter": "",
  "published": "",
  "updated": "",
  "modifiedAfter": "",
  "maxItems": 10
}' |
apify call parseforge/github-security-advisories-scraper --silent --output-dataset

```

## MCP server setup

```json
{
    "mcpServers": {
        "apify": {
            "command": "npx",
            "args": [
                "mcp-remote",
                "https://mcp.apify.com/?tools=parseforge/github-security-advisories-scraper",
                "--header",
                "Authorization: Bearer <YOUR_API_TOKEN>"
            ]
        }
    }
}

```

## OpenAPI specification

```json
{
    "openapi": "3.0.1",
    "info": {
        "title": "GitHub Security Advisories Scraper",
        "description": "Scrape the GitHub Global Security Advisories database. Filter by type (reviewed/unreviewed/malware), severity, affected package, CVE/GHSA ID, or publish date. Returns CVSS, CWE, affected version ranges, patched versions, references, and credits.",
        "version": "0.0",
        "x-build-id": "vi95pret57508OKmM"
    },
    "servers": [
        {
            "url": "https://api.apify.com/v2"
        }
    ],
    "paths": {
        "/acts/parseforge~github-security-advisories-scraper/run-sync-get-dataset-items": {
            "post": {
                "operationId": "run-sync-get-dataset-items-parseforge-github-security-advisories-scraper",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        },
        "/acts/parseforge~github-security-advisories-scraper/runs": {
            "post": {
                "operationId": "runs-sync-parseforge-github-security-advisories-scraper",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor and returns information about the initiated run in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/runsResponseSchema"
                                }
                            }
                        }
                    }
                }
            }
        },
        "/acts/parseforge~github-security-advisories-scraper/run-sync": {
            "post": {
                "operationId": "run-sync-parseforge-github-security-advisories-scraper",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        }
    },
    "components": {
        "schemas": {
            "inputSchema": {
                "type": "object",
                "properties": {
                    "ghsaId": {
                        "title": "GHSA ID",
                        "type": "string",
                        "description": "Fetch a specific advisory by GHSA ID (e.g. GHSA-652x-xj99-gmcc).",
                        "default": ""
                    },
                    "ghsaIds": {
                        "title": "GHSA IDs (batch lookup)",
                        "type": "array",
                        "description": "Array of GHSA IDs to fetch in one run (e.g. [\"GHSA-652x-xj99-gmcc\", \"GHSA-jfh8-c2jp-5v3q\"]). Takes precedence over single ghsaId. Recommended max ~100 per call.",
                        "default": [],
                        "items": {
                            "type": "string"
                        }
                    },
                    "cveId": {
                        "title": "CVE ID",
                        "type": "string",
                        "description": "Filter to advisories with this CVE ID (e.g. CVE-2021-44228).",
                        "default": ""
                    },
                    "type": {
                        "title": "Advisory Type",
                        "enum": [
                            "",
                            "reviewed",
                            "unreviewed",
                            "malware"
                        ],
                        "type": "string",
                        "description": "GitHub-reviewed advisories, community/unreviewed, or malware advisories.",
                        "default": ""
                    },
                    "severity": {
                        "title": "Severity",
                        "enum": [
                            "",
                            "critical",
                            "high",
                            "medium",
                            "low",
                            "unknown"
                        ],
                        "type": "string",
                        "description": "Filter by CVSS severity tier.",
                        "default": ""
                    },
                    "ecosystem": {
                        "title": "Ecosystem",
                        "enum": [
                            "",
                            "actions",
                            "composer",
                            "erlang",
                            "go",
                            "maven",
                            "npm",
                            "nuget",
                            "other",
                            "pip",
                            "pub",
                            "rubygems",
                            "rust",
                            "swift"
                        ],
                        "type": "string",
                        "description": "Filter by package ecosystem.",
                        "default": ""
                    },
                    "affects": {
                        "title": "Affects (package or package@version)",
                        "type": "string",
                        "description": "Comma-separated list of packages (e.g. 'package1,package2@1.0.0') to filter advisories that affect them.",
                        "default": ""
                    },
                    "cwes": {
                        "title": "CWE IDs",
                        "type": "string",
                        "description": "Comma-separated CWE numbers (e.g. '79,89,787').",
                        "default": ""
                    },
                    "cwesFilter": {
                        "title": "CWE IDs (alias)",
                        "type": "string",
                        "description": "Alias for the cwes field. Comma-separated CWE numbers (e.g. '79,89,787').",
                        "default": ""
                    },
                    "published": {
                        "title": "Published Date Range",
                        "type": "string",
                        "description": "Filter by publish date. Use ISO 8601 or a range like '2023-01-01..2023-12-31'.",
                        "default": ""
                    },
                    "updated": {
                        "title": "Updated Date Range",
                        "type": "string",
                        "description": "Filter by last-updated date.",
                        "default": ""
                    },
                    "modifiedAfter": {
                        "title": "Modified After Date",
                        "type": "string",
                        "description": "Single date (YYYY-MM-DD) — translated to '>=date'. Pass a range like '2024-01-01..2024-12-31' to use as-is. Filters by the advisory's last-modified date.",
                        "default": ""
                    },
                    "isWithdrawn": {
                        "title": "Withdrawn Only",
                        "type": "boolean",
                        "description": "When true, only withdrawn advisories are returned.",
                        "default": false
                    },
                    "maxItems": {
                        "title": "Max Items",
                        "minimum": 1,
                        "maximum": 1000000,
                        "type": "integer",
                        "description": "Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000"
                    }
                }
            },
            "runsResponseSchema": {
                "type": "object",
                "properties": {
                    "data": {
                        "type": "object",
                        "properties": {
                            "id": {
                                "type": "string"
                            },
                            "actId": {
                                "type": "string"
                            },
                            "userId": {
                                "type": "string"
                            },
                            "startedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "finishedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "status": {
                                "type": "string",
                                "example": "READY"
                            },
                            "meta": {
                                "type": "object",
                                "properties": {
                                    "origin": {
                                        "type": "string",
                                        "example": "API"
                                    },
                                    "userAgent": {
                                        "type": "string"
                                    }
                                }
                            },
                            "stats": {
                                "type": "object",
                                "properties": {
                                    "inputBodyLen": {
                                        "type": "integer",
                                        "example": 2000
                                    },
                                    "rebootCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "restartCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "resurrectCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "computeUnits": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "options": {
                                "type": "object",
                                "properties": {
                                    "build": {
                                        "type": "string",
                                        "example": "latest"
                                    },
                                    "timeoutSecs": {
                                        "type": "integer",
                                        "example": 300
                                    },
                                    "memoryMbytes": {
                                        "type": "integer",
                                        "example": 1024
                                    },
                                    "diskMbytes": {
                                        "type": "integer",
                                        "example": 2048
                                    }
                                }
                            },
                            "buildId": {
                                "type": "string"
                            },
                            "defaultKeyValueStoreId": {
                                "type": "string"
                            },
                            "defaultDatasetId": {
                                "type": "string"
                            },
                            "defaultRequestQueueId": {
                                "type": "string"
                            },
                            "buildNumber": {
                                "type": "string",
                                "example": "1.0.0"
                            },
                            "containerUrl": {
                                "type": "string"
                            },
                            "usage": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "integer",
                                        "example": 1
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "usageTotalUsd": {
                                "type": "number",
                                "example": 0.00005
                            },
                            "usageUsd": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "number",
                                        "example": 0.00005
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
```
