GraphQL API does not find security advisory by CVE


I try to query details of security advisories by CVE from the GraphQL API.
However, for some CVEs, no results are returned although security advisories exists.
I’m using the following query:

  securityAdvisories(identifier: {type: CVE, value: "CVE-2020-15170"}, first: 1) {
    edges {
      node {
        identifiers {

If I’m using the web interface (, the advisory with the CVE is found.
The same behaviour applies e.g. for CVE-2020-7238 or CVE-2020-12480.
However, for some CVEs like CVE-2018-21036 it works fine and the security advisory is returned.

Is there something wrong with my query or does somebody experience the same behaviour?

Unfortunately, I don’t have an answer for you. I can tell you that I see the same behavior as you, though.

I’m having a slightly different issue with GraphQL and GHSAs here: Get Repository-level Security Advisories via GraphQL?.

It’s pretty frustrating.

Okay, thanks. Sounds as if the Advisory endpoint is not yet fully tested/integrated.
Then I’ll have to figure out a workaround.