GitHub Security Advisories
GitHub Security Advisories (GHSA) is the curated vulnerability database behind Dependabot, covering open-source package ecosystems such as npm, PyPI, Maven, RubyGems, Go and crates.io. It is usually the fastest authoritative signal for supply-chain vulnerabilities in open-source dependencies.
CSIRTS.com ingests GitHub Security Advisories every 3 hours, normalizes each advisory into a common schema and cross-references every CVE against the CISA KEV catalog and public exploit datasets. Publishes reviewed advisories for open-source package ecosystems. Also available via RSS, JSON API and the MCP server.