GitHub Advisory Database

The GitHub Advisory Database is a new experience that allows you to browse or search for the vulnerabilities that GitHub knows about. The database contains all curated CVEs and security advisories which have been mapped to a package tracked by the GitHub dependency graph. CVE numbers will also automatically be linked from within issues and pull requests back to the Advisory Database (e.g. typing CVE-2019-13611 will automatically link to this entry in the database).

Linking to a CVE within a GitHub comment

Did you know? This data can also be accessed programmatically using the SecurityAdvisory API. Try the following query in our GraphQL Explorer:

query {
  securityAdvisories(orderBy: {field: PUBLISHED_AT, direction: DESC}, first: 2) {
    nodes {
      description
      ghsaId
      summary
      publishedAt
    }
  }
}

Learn more about the GitHub Advisory Database