# Security Advisories Ingests vulnerability data from GitHub’s public Advisory Database for supply chain risk insights. **Sync Type: Incremental** ## Requirements - The Github Advisory Database connector does not require any credentials, making it a straightforward plug-and-play connector. ## Details This input retrieves Github Advisory Database data from a Monad S3 bucket. ## Configuration The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below. #### Settings None. #### Secrets None. ## Custom Schema Handling If the source data doesn't align with any of the [OpenSecurityControlFramework (OSCF) schemas](https://schema.ocsf.io/), you can create a custom transformation using our JQ transform pipeline. For example: ```jq { metadata: { schema_version: "1.0.0", custom_framework: "my_framework" }, controls: .[] } ``` For more information on JQ and how to write your own JQ transformations see the JQ docs [here](https://jqlang.github.io/jq/). If you believe this data source should be included in the standard OSCF schema set, please reach out to our team at [support@monad.com](mailto:support@monad.com). We're always looking to expand our coverage of security control frameworks based on community needs. ## Sample Record ```json { "schema_version": "1.4.0", "id": "3b7e82cf-411d-e7d7-a8df-f1ccf8a5c6b9", "modified": "2025-08-11T23:46:50.233334Z", "published": "2025-08-11T23:46:50.23334Z", "aliases": [ "CVE-2014-5678" ], "summary": "Cross-site Scripting in actionpack", "details": "Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_options_helper.rb` in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.", "severity": [], "affected": [ { "package": { "ecosystem": "RubyGems", "name": "actionpack" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "3.0.0" }, { "fixed": "3.0.12" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4567" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800000" } ], "database_specific": { "cwe_ids": [ "CWE-90" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-08-11T23:46:50.233431Z", "nvd_published_at": "2025-08-11T23:46:50.233433Z" } } ```