Security Advisories
Ingests vulnerability data from GitHub’s public Advisory Database for supply chain risk insights.
Sync Type: Incremental
Requirements
- The GitHub Advisory Database connector does not require any credentials, making it a straightforward plug-and-play connector.
Details
This input retrieves GitHub Advisory Database data from a Monad S3 bucket.
Configuration
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
None.
Secrets
None.
Custom Schema Handling
If the source data doesn't align with any of the OpenSecurityControlFramework (OSCF) schemas, you can create a custom transformation using our JQ transform pipeline. For example:
{
  metadata: {
    schema_version: "1.0.0",
    custom_framework: "my_framework"
  },
  controls: .[]
}
For more information on JQ and how to write your own JQ transformations, see the JQ docs here.
If you believe this data source should be included in the standard OSCF schema set, please reach out to our team at support@monad.com. We're always looking to expand our coverage of security control frameworks based on community needs.
Sample Record
{
  "schema_version": "1.4.0",
  "id": "3b7e82cf-411d-e7d7-a8df-f1ccf8a5c6b9",
  "modified": "2025-08-11T23:46:50.233334Z",
  "published": "2025-08-11T23:46:50.23334Z",
  "aliases": [
    "CVE-2014-5678"
  ],
  "summary": "Cross-site Scripting in actionpack",
  "details": "Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_options_helper.rb` in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.",
  "severity": [],
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "actionpack"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.12"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4567"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800000"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-11T23:46:50.233431Z",
    "nvd_published_at": "2025-08-11T23:46:50.233433Z"
  }
}
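The following is an added example, not part of the connector or its documentation: one way a consumer of these records could check an installed package version against the `affected[].ranges[].events` of the sample record, reading the severity label from `database_specific.severity` because the top-level `severity` array is empty. The function names are hypothetical, and versions are assumed to be plain dotted numbers (prerelease tags need the ecosystem's own comparator).

```python
import json

# Constructed input: the sample record above, trimmed to the fields used here.
RECORD = json.loads("""
{"id": "3b7e82cf-411d-e7d7-a8df-f1ccf8a5c6b9", "aliases": ["CVE-2014-5678"],
 "severity": [],
 "affected": [{"package": {"ecosystem": "RubyGems", "name": "actionpack"},
   "ranges": [{"type": "ECOSYSTEM",
     "events": [{"introduced": "3.0.0"}, {"fixed": "3.0.12"}]}]}],
 "database_specific": {"severity": "HIGH", "github_reviewed": true}}
""")


def parse_version(v):
    """Assumption: dotted-numeric only. Trailing zeros dropped so 3.0 == 3.0.0."""
    parts = [int(p) for p in v.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def in_range(version, events):
    """The last introduced/fixed event at or below `version` decides the state."""
    v = parse_version(version)
    points = sorted((parse_version(ev[k]), k)
                    for ev in events for k in ("introduced", "fixed") if k in ev)
    affected = False
    for bound, kind in points:
        if v >= bound:
            affected = (kind == "introduced")
    return affected


def match(record, ecosystem, name, version):
    """Return a finding dict if the installed package is in an affected range."""
    for aff in record.get("affected", []):
        pkg = aff.get("package", {})
        if (pkg.get("ecosystem"), pkg.get("name")) != (ecosystem, name):
            continue
        for rng in aff.get("ranges", []):
            if rng.get("type") == "ECOSYSTEM" and in_range(version, rng["events"]):
                return {
                    "id": record["id"],
                    "aliases": record.get("aliases", []),
                    "severity": record.get("database_specific", {}).get("severity"),
                    "fixed_in": [e["fixed"] for e in rng["events"] if "fixed" in e],
                }
    return None
```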