Pricing

$0.50 / 1,000 github security advisory extracteds

GitHub Security Advisories (GHSA) by Ecosystem

For each ecosystem (NPM, PIP, MAVEN, NUGET, RUBYGEMS, RUST, GO, ACTIONS, SWIFT, …), pull recent GitHub Security Advisories via GraphQL. One row per advisory: severity, CVE/CWE mapping, affected packages, version ranges, fix versions. For AppSec + supply-chain auditors.

Pricing

$0.50 / 1,000 github security advisory extracteds

Rating

0.0

(0)

Developer

vøiddo

Actor stats

Bookmarked

Total users

Monthly active users

4 days ago

Last modified

What you get

{
  "ghsaId":       "GHSA-rrqh-7r3p-mvf9",
  "summary":      "Cross-site scripting in react-markdown when using…",
  "description":  "react-markdown < 9.0.1 renders untrusted user…",
  "severity":     "HIGH",
  "classification": "GENERAL",
  "publishedAt":  "2026-05-30T20:14:00Z",
  "updatedAt":    "2026-05-31T11:02:00Z",
  "withdrawnAt":  null,
  "url":          "https://github.com/advisories/GHSA-rrqh-7r3p-mvf9",
  "cves":         ["CVE-2026-12345"],
  "references":   ["https://nvd.nist.gov/vuln/detail/CVE-2026-12345",
                   "https://github.com/remarkjs/react-markdown/security/…"],
  "cwes": [
    {"cweId": "CWE-79", "name": "Improper Neutralization of Input…"}
  ],
  "affected": [
    {
      "ecosystem":            "NPM",
      "package":              "react-markdown",
      "vulnerableRange":      "< 9.0.1",
      "firstPatchedVersion":  "9.0.1"
    }
  ],
  "queryEcosystem": "NPM"
}

How to use

Input.

{
  "ecosystems":       ["NPM", "PIP", "MAVEN"],
  "sinceDays":        7,
  "maxPerEcosystem":  500,
  "githubToken":      ""
}

ecosystems — one of NPM, PIP, MAVEN, COMPOSER, NUGET, RUBYGEMS, RUST, GO, PUB, ERLANG, ACTIONS, SWIFT, or ALL to skip the ecosystem filter.

githubToken — optional. Without it, GitHub limits anonymous GraphQL to 60 req/h (fine for one ecosystem with maxPerEcosystem ≤ 500). With a token: 5 000 req/h. A classic PAT with no scopes works — the securityAdvisories endpoint is public.

Why this matters

github.com/advisories is the canonical curated CVE→ecosystem mapping used by Dependabot, Renovate, Snyk's free tier, and most other supply- chain tools. The GraphQL endpoint exposes the same data behind a tidy schema; this actor packages it into a daily feed you can ship into JIRA, Slack, or a custom dashboard.

Pricing

PAY_PER_EVENT · $0.002 per advisory_extracted · 500 advisories = $1.

Buyer

AppSec / Product Security teams.
DevOps building custom dep-pin policies (Renovate / Dependabot consumers wanting their own categorization).
Supply-chain auditors snapshotting weekly delta.
Insurance / compliance dashboards.

Source

GitHub GraphQL securityAdvisories — same source as gh advisories CLI and the web UI. Filter: publishedSince for the date window; ecosystem enum for the ecosystem filter; per-advisory vulnerabilities filtered to the same ecosystem so the affected list is clean.

GitHub Security Advisories Scraper

parseforge/github-security-advisories-ghsa-scraper

Scrape GitHub Security Advisories (GHSA) with full CVE mapping, CVSS severity scores, affected packages, version ranges, references, and patches. Filter by ecosystem (npm, PyPI, RubyGems, etc.) and severity. Perfect for SOC teams, vulnerability researchers, and DevSecOps pipelines.

ParseForge

GitHub Security Advisories Scraper

parseforge/github-security-advisories-scraper

Scrape the GitHub Global Security Advisories database. Filter by type (reviewed/unreviewed/malware), severity, affected package, CVE/GHSA ID, or publish date. Returns CVSS, CWE, affected version ranges, patched versions, references, and credits.

ParseForge

NPM Vulnerability Checker

automation-lab/npm-vulnerability-checker

Check npm packages for known vulnerabilities via OSV.dev API. Input package names with optional versions — get CVE IDs, severity (CRITICAL/HIGH/MEDIUM/LOW), affected ranges, and fix versions. No proxy needed.

Stas Persiianenko

Dependency Advisory Monitor — OSV & GitHub Security

nexgendata/dependency-advisory-monitor

Scan npm, PyPI, Maven, Go & more dependencies for known vulnerabilities via OSV.dev and the GitHub Advisory Database. CI/CD-ready, no login.

NexGenData

OSV & GitHub Security Scraper

taroyamada/oss-vulnerability-monitor

Scrape GitHub Security Advisories and OSV databases to extract CVSS v3.1 base scores, fixed version tags, and patching details for your tech stack.

naoki anzai

deps.dev Package Insights Scraper

parseforge/deps-dev-package-insights-scraper

Look up any npm, PyPI, Cargo, Maven, Go, or NuGet package on Google deps.dev and pull its default version, license identifiers, known security advisories, dependency count, and publish date. Handy for license audits, supply chain inventories, and vetting a library before you adopt it.

ParseForge

Vulnerability & Security Intel Aggregator

parseforge/vulnerability-security-intel-scraper

Pull live security intel from GitHub Advisories, MITRE ATT&CK, Exploit DB, OpenSSF Scorecard and URLhaus in one feed. Get CVE IDs, severity, affected packages, threat techniques and active malware URLs. Built for SecOps, threat intel and DevSecOps.

ParseForge

OSV Open Source Vulnerabilities Scraper

parseforge/osv-vulnerabilities-scraper

Query the OSV.dev open-source vulnerabilities database. Search by package (PyPI/npm/Go/Maven/RubyGems/crates.io/NuGet/Packagist), commit hash, or fetch a specific vulnerability by ID. Returns affected ranges, CVE aliases, severity, and references.

ParseForge

OSV.dev Vulnerabilities Scraper

crawlerbros/osv-vulnerabilities-scraper

Scrape OSV.dev, Google's open vulnerability database covering NPM, PyPI, Go, Maven, NuGet, Cargo, RubyGems, GitHub Actions, OS distros, and more. Look up vulnerabilities by package, fetch a specific OSV/GHSA/CVE record, or batch-query an entire dependency tree.

Crawler Bros

NPM Package Scraper - Search, Stats & Downloads

wetyr_corporation/npm-package-scraper

Bulk extract NPM packages with metadata, weekly downloads, dependencies, maintainers. Built for dev tool research, supply chain analysis, competitive ecosystem intel.