Pricing Templates
Log in Sign up
Integrations / GitHub / ...

POST /repos/{owner}/{repo}/security-advisories

Creates a new repository security advisory.

In order to create a draft repository security advisory, the authenticated user must be a security manager or administrator of that repository.

OAuth app tokens and personal access tokens (classic) need the repo or repository_advisories:write scope to use this endpoint.

Servers

Path parameters

Name Type Required Description
repo String Yes

The name of the repository without the .git extension. The name is not case sensitive.
owner String Yes

The account owner of the repository. The name is not case sensitive.

Request headers

Name Type Required Description
Content-Type String Yes The media type of the request body.

Default value: "application/json"

Request body fields

Name Type Required Description
cve_id String No

The Common Vulnerabilities and Exposures (CVE) ID.
credits[] Array No

A list of users receiving credit for their participation in the security advisory.
credits[].type String Yes

The type of credit the user is receiving.

Possible values:

  • "remediation_verifier"
  • "remediation_reviewer"
  • "tool"
  • "analyst"
  • "other"
  • "finder"
  • "remediation_developer"
  • "reporter"
  • "coordinator"
  • "sponsor"
credits[].login String Yes

The username of the user credited.
cvss_vector_string String No

The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or severity.
description String Yes

A detailed description of what the advisory impacts.
cwe_ids[] Array No

A list of Common Weakness Enumeration (CWE) IDs.
vulnerabilities[] Array Yes

A product affected by the vulnerability detailed in a repository security advisory.
vulnerabilities[].patched_versions String No

The package version(s) that resolve the vulnerability.
vulnerabilities[].vulnerable_functions[] Array No

The functions in the package that are affected.
vulnerabilities[].vulnerable_version_range String No

The range of the package versions affected by the vulnerability.
vulnerabilities[].package Object Yes

The name of the package affected by the vulnerability.
vulnerabilities[].package.ecosystem String Yes

The package's language or package management ecosystem.

Possible values:

  • "erlang"
  • "other"
  • "go"
  • "npm"
  • "composer"
  • "pub"
  • "actions"
  • "maven"
  • "rubygems"
  • "pip"
  • "rust"
  • "swift"
  • "nuget"
vulnerabilities[].package.name String No

The unique package name within its ecosystem.
summary String Yes

A short summary of the advisory.
start_private_fork Boolean No

Whether to create a temporary private fork of the repository to collaborate on a fix.

Default value: false
severity String No

The severity of the advisory. You must choose between setting this field or cvss_vector_string.

Possible values:

  • "medium"
  • "high"
  • "low"
  • "critical"

How to start integrating

  1. Add HTTP Task to your workflow definition.
  2. Search for the API you want to integrate with and click on the name.
    • This loads the API reference documentation and prepares the Http request settings.
  3. Click Test request to test run your request to the API and see the API's response.
All third party trademarks (including logos and icons) are the property of their respective owners, which do not sponsor, authorize, or endorse this website.
Pricing Templates Integrations Blog Contact Us Help
© 2025 SimWorkflow
Terms of Service Privacy Policy