yhy0

GitHub Advisory Database Skills builder

100% credibility
Found Mar 06, 2026 at 19 stars
Python
AI Summary

A set of helper scripts to collect, filter, and analyze public software vulnerability data from GitHub for creating educational AI skills on security patterns.

How It Works

1. 🔍 Discover the Helper

You stumble upon this handy tool while looking for ways to gather real examples of software security issues to teach an AI assistant.

2. 📁 Set Up Your Folder

You create a simple folder on your computer to hold your AI teaching materials about vulnerability patterns.

3. 📦 Choose Your Focus

You pick a software world like Python packages or Go libraries where you want fresh security examples.

4. 📊 Gather Security Examples

With one easy command, you pull in lists of the most serious real-world problems, sorted by danger level.

5. 🔎 Check Coverage

You scan your existing teaching files to see which issues are already covered and where to add new ones.

6. 📄 Get Full Stories

You fetch complete details like descriptions and fixes for the top examples to make your lessons rich.

Skills Ready to Shine

Your AI assistant now has up-to-date, real examples of security pitfalls, making it a smarter teacher.

AI-Generated Review

What is ghsa-skill-builder?

This Python toolkit automates pulling high-severity vulnerabilities from the GitHub Advisory Database API for ecosystems like PIP, NPM, and GO. It fetches GHSA entries via GraphQL pagination, filters by CVSS score, CWE, or publish date, and grabs full details like descriptions and patch links using REST calls over the GitHub CLI—requiring just a personal access token. Developers get clean JSON downloads of GitHub advisories (with CVE mappings) to build vuln pattern datasets, skipping manual GitHub Advisory Database downloads or NVD comparisons.

Why is it gaining traction?

It handles incremental diffs against local data, CWE-based filtering for patterns like injection or path traversal, and coverage checks for skill libraries—features absent in basic GitHub Advisory RSS or script one-offs. The CLI simplicity (e.g., `fetch_ghsa.py PIP --since 1y --min-cvss 9`) plus built-in summaries of top CWEs and CVSS leaders make it a quick win for mirroring GitHub advisories without rate limit headaches.

Who should use this?

Security engineers curating vuln examples for GitHub Copilot Chat or Claude skills on common CWEs. AI prompt builders feeding GitHub Enterprise repos with real GHSA cases. Teams auditing GitHub repos via GitHub Script actions needing fresh advisory data.

Verdict

Grab it if you're building GHSA-powered vuln trainers—solid CLI flow despite 19 stars and 1.0% credibility score signaling early maturity and thin docs. Pair with tests for production; it's a time-saver for niche advisory mirroring over raw API hacks.
