SecurityVulnerability

This part of the schema is currently available for developers to preview. During this preview period, the API may change without any advance notice. Please see the Access to GitHub Security Advisories preview for more details.

Note: The GraphQL resources under preview cannot be accessed via the Explorer at this time.

An individual vulnerability within an Advisory

Fields

advisory (SecurityAdvisory!)

The Advisory associated with this Vulnerability

firstPatchedVersion (SecurityAdvisoryPackageVersion)

The first version containing a fix for the vulnerability

package (SecurityAdvisoryPackage!)

A description of the vulnerable package

severity (SecurityAdvisorySeverity!)

The severity of the vulnerability within this package

updatedAt (DateTime!)

When the vulnerability was last updated

vulnerableVersionRange (String!)

A string that describes the vulnerable package versions. This string follows a basic syntax with a few forms.

  • = 0.2.0 denotes a single vulnerable version.
  • <= 1.0.8 denotes a version range up to and including the specified version.
  • < 0.1.11 denotes a version range up to, but excluding, the specified version.
  • >= 4.3.0, < 4.3.5 denotes a version range with a known minimum and maximum version.
  • >= 0.0.1 denotes a version range with a known minimum, but no known maximum.
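
One way to evaluate a vulnerableVersionRange string against an installed version, as an added example that is not part of the GitHub documentation or GitHub's own code. It assumes plain dotted-numeric versions (real package ecosystems add pre-release tags and other ordering rules), and the function names are hypothetical.

```python
import operator
import re

# Only the operators listed in the field description are accepted.
_OPS = {"=": operator.eq, "<=": operator.le, "<": operator.lt, ">=": operator.ge}
_CLAUSE = re.compile(r"^(<=|>=|<|=)\s*(\S+)$")


def _key(version):
    """Turn '4.3.10' into (4, 3, 10). Assumption: purely numeric dotted versions."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version format: {version!r}")
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # drop trailing zeros so that 4.3 compares equal to 4.3.0
    return tuple(parts)


def parse_range(range_str):
    """Parse a range string into a list of (operator symbol, version key) clauses."""
    clauses = []
    for raw in range_str.split(","):
        m = _CLAUSE.match(raw.strip())
        if not m:
            # Fail closed: an unparsed clause must not be read as "not vulnerable".
            raise ValueError(f"unrecognised clause: {raw!r}")
        clauses.append((m.group(1), _key(m.group(2))))
    return clauses


def is_vulnerable(installed, range_str):
    """True when `installed` satisfies every comma-separated clause of the range."""
    v = _key(installed)
    return all(_OPS[op](v, bound) for op, bound in parse_range(range_str))


if __name__ == "__main__":
    # Constructed sample data: (installed version, range in one of the documented forms).
    samples = [("0.2.0", "= 0.2.0"), ("4.3.5", ">= 4.3.0, < 4.3.5"), ("0.1.9", "< 0.1.11")]
    for installed, rng in samples:
        print(f"{installed:8} {rng:20} vulnerable={is_vulnerable(installed, rng)}")
```

Comparing numeric tuples rather than raw strings matters for the `< 0.1.11` form: as strings, "0.1.9" sorts after "0.1.11" and an affected version would be reported as safe.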