Security vulnerability alerts


I need to update my organization repositories and I have like 130 repos.

I need each of them (the repos) to alert its owners about vulnerability alerts.

Is there a way to do this by script? Automatically? Or is the only way to do this manually?


Hi @sapirshloush

There isn’t currently an endpoint for switching on Vulnerability Alerts but it is something we’re looking into implementing.

For the moment, enabling Vulnerability Alerts is only available via the UI at the repository level.

We’ll pass your feedback onto the team to make sure they’re aware of your use case. I can’t promise if or when we’ll add an API endpoint for enabling alerts but we’ll make sure the request is in the right hands.



Yehaa that’s great, I was also looking for this! Thanks

1 Like

Yes, very interested in this too, to add some automation into our pipeline, and this is much quicker as the scan is already done on commit. Our current process of scanning these in our build pipeline makes it quite slow.


+1, would also really like to be able to turn on Vulnerability Alerts via the API.

Is there any way I can just delete all changes in my device to be normal again… It’s been a nightmare

First, it’s surprising that GitHub, an API-first company, has this in the UI but not the API.

Secondly, it’s surprising that you have fleshed out, to a great extent, the various advanced APIs around the vulnerabilities but not a single API to simply just enable them?

This feature came out almost a year ago. Many of us need things like this as APIs in order to automate them. Especially those of us larger clients with 1000+ repos. We can’t turn this feature on manually each time.

Can we get this fix bumped up in the roadmap?

Hi @idvb,

The endpoint to enable or disable security vulnerabilities was recently released on It should also make it into GitHub Enterprise in one of the next feature releases.

Hope that helps!
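For the original question about switching alerts on across an organization by script, here is an added example; it is not part of the thread and not GitHub's own code. It assumes the endpoint mentioned above is GitHub's REST call `PUT /repos/{owner}/{repo}/vulnerability-alerts` (the post does not name it) and a token with admin access in the `GITHUB_TOKEN` environment variable.

```python
import json
import os
import sys
import urllib.error
import urllib.request

API = "https://api.github.com"

def _request(method, path, token):
    # The token needs admin access to every repository it changes.
    return urllib.request.Request(
        API + path, method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json"})

def list_org_repos(org, token, opener=urllib.request.urlopen):
    """Yield owner/name for every non-archived repo, following pagination."""
    page = 1
    while True:
        req = _request("GET", f"/orgs/{org}/repos?per_page=100&page={page}", token)
        with opener(req) as resp:
            batch = json.load(resp)
        if not batch:
            return
        # Skipping archived repos is a choice made in this example.
        yield from (r["full_name"] for r in batch if not r.get("archived"))
        page += 1

def enable_alerts(org, token, opener=urllib.request.urlopen):
    """PUT .../vulnerability-alerts for each repo; return {repo: outcome}."""
    results = {}
    for full_name in list_org_repos(org, token, opener):
        req = _request("PUT", f"/repos/{full_name}/vulnerability-alerts", token)
        try:
            with opener(req) as resp:
                ok = resp.status == 204  # 204 No Content means alerts are on
            results[full_name] = "enabled" if ok else f"unexpected {resp.status}"
        except urllib.error.HTTPError as exc:
            # Record the failure and continue so one repo does not stop the run.
            results[full_name] = f"failed: HTTP {exc.code}"
    return results

if __name__ == "__main__":
    # Usage: GITHUB_TOKEN=... python enable_alerts.py <org>
    for repo, outcome in enable_alerts(sys.argv[1], os.environ["GITHUB_TOKEN"]).items():
        print(f"{repo}: {outcome}")
```

The returned mapping doubles as an audit record: any repository reported as `failed` still has alerts off and needs a follow-up.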


Dependency Graph API in GraphQL enables you to retrieve information about a repository’s dependency graph. But that’s not all; GH has added a lightweight Repository Vulnerability Alerts API in GraphQL so you can get your security alerts through the API. You can stay up-to-date with the most recent changes using webhooks that trigger when alerts are created, dismissed, or resolved.

Repository Vulnerability Alerts Webhooks

introduced a new webhook event for repositories called repository_vulnerability_alert. You can get webhooks for create, dismiss, and resolve actions.

1 Like

Is there any way I can simply erase all changes in my gadget to be typical once more… It’s been a bad dream. Our present procedure of checking these in our fabricate pipeline makes it very moderate

Hi @ramotto,

I’m sorry, I’m not exactly sure what you’re asking. Could you perhaps rephrase your question?


Do I understand correctly that granting access to security alerts to teams on a repository level (i.e. that you can configure from the UI under repository settings/Security alerts) is not exposed in the API? I understand that enabling security alerts is, as well as you can get notified of alerts via the API but what if I’d like to grant access to the alerts for the team maintaining the repo?

Thank you!

Hi Team,

Does someone have the updated GraphQL query to fetch the details regarding the vulnerabilities in the repository?

    repository(owner: "nickific", name: "goof") {
      vulnerabilityAlerts(first: 50) {
        nodes {
          securityAdvisory {

Alternatively, you can explore your options here: Explorer - GitHub Docs

1 Like