Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 2
Message 1 of 5

Expose `RepositoryVulnerabilityAlert` Severity Rating in GraphQL API

Hey there,


I'm using the Preview functionality for Vulnerability Alerts and I have a query that returns me repositories with their names and vulnerability alerts.


When looking at the documentation for this:

I can't see anything related to the severity here on the API, as shown below:image.png


I can see there is a `SecurityAdvisory` type which contains the severity, but there seems to be no link from the Alerts on a repo to that type:


I can't see if this is possible currenty, but it looks like it's not. If it's not, it's something I'd like to request, but I'm not sure if this is the correct place to do that.

4 Replies
Community Manager
Message 2 of 5

Re: Expose `RepositoryVulnerabilityAlert` Severity Rating in GraphQL API

Thanks for this feedback! We're always working to improve GitHub and the GitHub Community Forum, and we consider every suggestion we receive. I've logged your feature request in our internal feature request list. Though I can't guarantee anything or share a timeline for this, I can tell you that it's been shared with the appropriate teams for consideration.


Please let me know if you have any other questions.


Copilot Lvl 2
Message 3 of 5

Re: Expose `RepositoryVulnerabilityAlert` Severity Rating in GraphQL API

@lee-dohm whose decision is it to mark questions as falsely "Solved" with boilerplate responses like this? It just seems counter-helpful - if not disrespectful - to the community who posts questions. There's no other type of technical forum on the internet that would allow an open question to simply be closed off as Solved when it's not.

Ground Controller Lvl 1
Message 4 of 5

Re: Expose `` Severity Rating in GraphQL API

` Severity Rating in GraphQL API
Copilot Lvl 2
Message 5 of 5

Re: Expose `RepositoryVulnerabilityAlert` Severity Rating in GraphQL API

I don't know if the API has changed recently, but looking into the same thing today I see that there is (now?) a connection from Repository to the SecurityAlert Severity via the RepositoryVulnerabilityAlert. You have to enable the Accept: application/vnd.github.vixen-preview+json header as detailed in though it sounds like you must have already done this.


repository(...) {

  vulnerabilityAlerts(last: 10) {

    securityAdvisory {