A Python client library for the GitHub Security Advisory (GHSA) API

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for valmarelox from gravatar.com valmarelox

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Tags advisory , cve , ghsa , github , security , vulnerability
  • Requires: Python >=3.11
  • Provides-Extra: dev , docs
Classifiers
Report project as malware

Project description

GHSA Client

A Python client library for the GitHub Security Advisory (GHSA) API, providing structured access to security advisory data.

Features

  • Type-safe models: Full Pydantic models for GHSA data structures
  • Rate limiting: Built-in rate limit handling and retry logic
  • Flexible queries: Search advisories with various filters
  • Comprehensive data: Access to all GHSA fields including CVSS scores, CWE mappings, and package information

Installation

pip install ghsa-client

Quick Start

import logging
from ghsa_client import GHSAClient, GHSA_ID

# Set up logging
logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)

# Create client
client = GHSAClient(logger)

# Get a specific advisory
ghsa_id = GHSA_ID("GHSA-gq96-8w38-hhj2")
advisory = client.get_advisory(ghsa_id)

print(f"Advisory: {advisory.summary}")
print(f"Severity: {advisory.severity}")
print(f"CVSS Score: {advisory.cvss.score if advisory.cvss else 'N/A'}")

Usage

Authentication

The client automatically uses the GITHUB_TOKEN environment variable if available:

export GITHUB_TOKEN=your_github_token_here

Getting an Advisory

from ghsa_client import GHSAClient, GHSA_ID

client = GHSAClient(logger)
advisory = client.get_advisory(GHSA_ID("GHSA-gq96-8w38-hhj2"))

# Access advisory properties
print(advisory.summary)
print(advisory.severity)
print(advisory.published_at)
print(advisory.vulnerabilities)

Searching Advisories

# Search by ecosystem
advisories = client.search_advisories(ecosystem="npm")

# Search by severity
advisories = client.search_advisories(severity="high")

# Search by date range
advisories = client.search_advisories(published="2024-01-01..2024-12-31")

# Get all advisories for a year
advisories = client.get_all_advisories_for_year(2024)

Rate Limiting

The client automatically handles GitHub's rate limits:

# Check remaining rate limit
rate_limit = client.get_ratelimit_remaining()
print(f"Remaining requests: {rate_limit['resources']['core']['remaining']}")

# The client will automatically wait for rate limit reset when needed

Models

Advisory

The main model representing a GitHub Security Advisory:

from ghsa_client import Advisory

advisory: Advisory = client.get_advisory(ghsa_id)

# Core properties
advisory.ghsa_id          # GHSA_ID object
advisory.cve_id           # Optional CVE_ID object
advisory.summary          # str
advisory.severity         # str
advisory.published_at     # str (ISO date)
advisory.description      # Optional[str]

# Vulnerability data
advisory.vulnerabilities  # List[Vulnerability]
advisory.affected_packages # List[Package] (computed property)

# CVSS data
advisory.cvss             # Optional[CVSS]
advisory.cwes             # Optional[List[str]]

# Repository information
advisory.source_code_location # Optional[str]
advisory.repository_url   # str (property, raises if not found)

# References
advisory.references       # List[str]

GHSA_ID

Type-safe GHSA identifier with validation:

from ghsa_client import GHSA_ID, InvalidGHSAIDError

try:
    ghsa_id = GHSA_ID("GHSA-gq96-8w38-hhj2")
    print(ghsa_id.id)  # "GHSA-gq96-8w38-hhj2"
except InvalidGHSAIDError as e:
    print(f"Invalid GHSA ID: {e}")

CVE_ID

Type-safe CVE identifier with validation:

from ghsa_client import CVE_ID

cve_id = CVE_ID("CVE-2024-12345")
print(cve_id.id)  # "CVE-2024-12345"

Error Handling

The client raises specific exceptions for different error conditions:

from ghsa_client import RateLimitExceeded, GHSAClient
import requests

try:
    advisory = client.get_advisory(ghsa_id)
except requests.HTTPError as e:
    if e.response.status_code == 404:
        print("Advisory not found")
    else:
        print(f"HTTP error: {e}")
except RateLimitExceeded as e:
    print(f"Rate limit exceeded: {e}")
except requests.RequestException as e:
    print(f"Network error: {e}")

Development

Setup

git clone https://github.com/valmarelox/ghsa-client.git
cd ghsa-client
pip install -e ".[dev]"

Running Tests

pytest

Code Formatting

black .
isort .

Type Checking

mypy src/ghsa_client

License

MIT License - see LICENSE file for details.

Contributing

Contributions are welcome! Please open an issue or pull request on GitHub.

Changelog

See the releases page for a history of changes.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for valmarelox from gravatar.com valmarelox

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Tags advisory , cve , ghsa , github , security , vulnerability
  • Requires: Python >=3.11
  • Provides-Extra: dev , docs
Classifiers

Release history Release notifications | RSS feed

1.14.0

1.13.0

1.12.0

1.11.0

1.10.0

1.9.0

1.8.0

1.7.0

1.6.0

This version

1.5.0

1.4.0

1.3.0

1.2.0

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ghsa_client-1.5.0.tar.gz (17.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ghsa_client-1.5.0-py3-none-any.whl (17.5 kB view details)

Uploaded Python 3

File details

Details for the file ghsa_client-1.5.0.tar.gz.

File metadata

  • Download URL: ghsa_client-1.5.0.tar.gz
  • Upload date:
  • Size: 17.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ghsa_client-1.5.0.tar.gz
Algorithm Hash digest
SHA256 6d5dfb0ba22eb39d38e7cc32ead3f731f947476520e83357583d3b75438af85b
MD5 575c9802c4de7eadafbd07f6d93a68be
BLAKE2b-256 810d0a00d7237c6be41c03c9fb6abc10a678387ca664e4fb492df64fd233e06e

See more details on using hashes here.

Provenance

The following attestation bundles were made for ghsa_client-1.5.0.tar.gz:

Publisher: publish.yml on Valmarelox/ghsa-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ghsa_client-1.5.0-py3-none-any.whl.

File metadata

  • Download URL: ghsa_client-1.5.0-py3-none-any.whl
  • Upload date:
  • Size: 17.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ghsa_client-1.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 24e6c4b86e14b8c7f018c8eb58753629f3473bffccc44567b893c2141b88e087
MD5 7c9aa04692695497cfd2a4e540b7b8fc
BLAKE2b-256 dec995682e4fd4a9ab6b2d0a94d5f5ca5e1d4d72b879a161e9a16e4d818cb4d2

See more details on using hashes here.

Provenance

The following attestation bundles were made for ghsa_client-1.5.0-py3-none-any.whl:

Publisher: publish.yml on Valmarelox/ghsa-client

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page