github
diff --git a/‎README.md
Lines changed: 27 additions & 3 deletions b/‎README.md
Lines changed: 27 additions & 3 deletions
diff --git a/‎pkg/github/security_advisories.go
Lines changed: 227 additions & 0 deletions b/‎pkg/github/security_advisories.go
Lines changed: 227 additions & 0 deletions
@@ -36,7 +36,7 @@ Alternatively, to manually configure VS Code, choose the appropriate JSON block
 <tr><th align=left colspan=2>VS Code (version 1.101 or greater)</th></tr>
 <tr valign=top>
 <td>
-  
+
 ```json
 {
   "servers": {
@@ -130,7 +130,7 @@ To keep your GitHub PAT secure and reusable across different MCP hosts:
    ```bash
    # CLI usage
    claude mcp update github -e GITHUB_PERSONAL_ACCESS_TOKEN=$GITHUB_PAT
-   
+
    # In config files (where supported)
    "env": {
      "GITHUB_PERSONAL_ACCESS_TOKEN": "$GITHUB_PAT"
@@ -241,7 +241,7 @@ For other MCP host applications, please refer to our installation guides:
 
 - **[GitHub Copilot in other IDEs](/docs/installation-guides/install-other-copilot-ides.md)** - Installation for JetBrains, Visual Studio, Eclipse, and Xcode with GitHub Copilot
 - **[Claude Code & Claude Desktop](docs/installation-guides/install-claude.md)** - Installation guide for Claude Code and Claude Desktop
-- **[Cursor](docs/installation-guides/install-cursor.md)** - Installation guide for Cursor IDE  
+- **[Cursor](docs/installation-guides/install-cursor.md)** - Installation guide for Cursor IDE
 - **[Windsurf](docs/installation-guides/install-windsurf.md)** - Installation guide for Windsurf IDE
 
 For a complete overview of all installation options, see our **[Installation Guides Index](docs/installation-guides/installation-guides.md)**.
@@ -928,6 +928,30 @@ The following sets of tools are available (all are on by default):
   - `sort`: Sort users by number of followers or repositories, or when the person joined GitHub. (string, optional)
 
 </details>
+
+
+<summary>Security Advisories</summary>
+
+<details>
+- **`list_global_security_advisories`** - List global security advisories
+  - **Parameters**:
+    - * `ghsaId`: Filter by GitHub Security Advisory ID (string, optional – format: `GHSA-xxxx-xxxx-xxxx`)
+    - * `type`: Advisory type (string, optional – one of `reviewed`, `malware`, `unreviewed`)
+    - * `cveId`: Filter by CVE ID (string, optional)
+    - * `ecosystem`: Filter by package ecosystem (string, optional – one of `actions`, `composer`, `erlang`, `go`, `maven`, `npm`, `nuget`, `other`, `pip`, `pub`, `rubygems`, `rust`)
+    - * `severity`: Filter by severity (string, optional – one of `unknown`, `low`, `medium`, `high`, `critical`)
+    - * `cwes`: Filter by Common Weakness Enumeration IDs (array of strings, optional – e.g. `["79", "284", "22"]`)
+    - * `isWithdrawn`: Whether to only return withdrawn advisories (boolean, optional)
+    - * `affects`: Filter advisories by affected package or version (string, optional – e.g. `"package1,package2@1.0.0"`)
+    - * `published`: Filter by publish date or date range (string, optional – ISO 8601 date or range)
+    - * `updated`: Filter by update date or date range (string, optional – ISO 8601 date or range)
+    - * `modified`: Filter by publish or update date or date range (string, optional – ISO 8601 date or range)
+
+- **`get_global_security_advisory`** = Get a global security advisory
+  - **Template**: `advisories/{ghsaId}`
+
+</details>
+
 <!-- END AUTOMATED TOOLS -->
 
 ### Additional Tools in Remote Github MCP Server
 
@@ -0,0 +1,227 @@
+package github
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/github/github-mcp-server/pkg/translations"
+	"github.com/google/go-github/v74/github"
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/mark3labs/mcp-go/server"
+)
+
+func ListGlobalSecurityAdvisories(getClient GetClientFn, t translations.TranslationHelperFunc) (tool mcp.Tool, handler server.ToolHandlerFunc) {
+	return mcp.NewTool("list_global_security_advisories",
+			mcp.WithDescription(t("TOOL_LIST_GLOBAL_SECURITY_ADVISORIES_DESCRIPTION", "List global security advisories from GitHub.")),
+			mcp.WithToolAnnotation(mcp.ToolAnnotation{
+				Title:        t("TOOL_LIST_GLOBAL_SECURITY_ADVISORIES_USER_TITLE", "List global security advisories"),
+				ReadOnlyHint: ToBoolPtr(true),
+			}),
+			mcp.WithString("ghsaId",
+				mcp.Description("Filter by GitHub Security Advisory ID (format: GHSA-xxxx-xxxx-xxxx)."),
+			),
+			mcp.WithString("type",
+				mcp.Required(),
+				mcp.Description("Advisory type."),
+				mcp.Enum("reviewed", "malware", "unreviewed"),
+				mcp.DefaultString("reviewed"),
+			),
+			mcp.WithString("cveId",
+				mcp.Description("Filter by CVE ID."),
+			),
+			mcp.WithString("ecosystem",
+				mcp.Description("Filter by package ecosystem."),
+				mcp.Enum("actions", "composer", "erlang", "go", "maven", "npm", "nuget", "other", "pip", "pub", "rubygems", "rust"),
+			),
+			mcp.WithString("severity",
+				mcp.Description("Filter by severity."),
+				mcp.Enum("unknown", "low", "medium", "high", "critical"),
+			),
+			mcp.WithArray("cwes",
+				mcp.Description("Filter by Common Weakness Enumeration IDs (e.g. [\"79\", \"284\", \"22\"])."),
+				mcp.Items(map[string]any{
+					"type": "string",
+				}),
+			),
+			mcp.WithBoolean("isWithdrawn",
+				mcp.Description("Whether to only return withdrawn advisories."),
+			),
+			mcp.WithString("affects",
+				mcp.Description("Filter advisories by affected package or version (e.g. \"package1,package2@1.0.0\")."),
+			),
+			mcp.WithString("published",
+				mcp.Description("Filter by publish date or date range (ISO 8601 date or range)."),
+			),
+			mcp.WithString("updated",
+				mcp.Description("Filter by update date or date range (ISO 8601 date or range)."),
+			),
+			mcp.WithString("modified",
+				mcp.Description("Filter by publish or update date or date range (ISO 8601 date or range)."),
+			),
+		), func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+			client, err := getClient(ctx)
+			if err != nil {
+				return nil, fmt.Errorf("failed to get GitHub client: %w", err)
+			}
+
+			ghsaID, err := OptionalParam[string](request, "ghsaId")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid ghsaId: %v", err)), nil
+			}
+
+			typ, err := RequiredParam[string](request, "type")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid type: %v", err)), nil
+			}
+
+			cveID, err := OptionalParam[string](request, "cveId")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid cveId: %v", err)), nil
+			}
+
+			eco, err := OptionalParam[string](request, "ecosystem")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid ecosystem: %v", err)), nil
+			}
+
+			sev, err := OptionalParam[string](request, "severity")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid severity: %v", err)), nil
+			}
+
+			cwes, err := OptionalParam[[]string](request, "cwes")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid cwes: %v", err)), nil
+			}
+
+			isWithdrawn, err := OptionalParam[bool](request, "isWithdrawn")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid isWithdrawn: %v", err)), nil
+			}
+
+			affects, err := OptionalParam[string](request, "affects")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid affects: %v", err)), nil
+			}
+
+			published, err := OptionalParam[string](request, "published")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid published: %v", err)), nil
+			}
+
+			updated, err := OptionalParam[string](request, "updated")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid updated: %v", err)), nil
+			}
+
+			modified, err := OptionalParam[string](request, "modified")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid modified: %v", err)), nil
+			}
+
+			opts := &github.ListGlobalSecurityAdvisoriesOptions{}
+
+			if ghsaID != "" {
+				opts.GHSAID = &ghsaID
+			}
+			if typ != "" {
+				opts.Type = &typ
+			}
+			if cveID != "" {
+				opts.CVEID = &cveID
+			}
+			if eco != "" {
+				opts.Ecosystem = &eco
+			}
+			if sev != "" {
+				opts.Severity = &sev
+			}
+			if cwes != nil && len(cwes) > 0 {
+				opts.CWEs = cwes
+			}
+
+			opts.IsWithdrawn = &isWithdrawn
+
+			if affects != "" {
+				opts.Affects = &affects
+			}
+			if published != "" {
+				opts.Published = &published
+			}
+			if updated != "" {
+				opts.Updated = &updated
+			}
+			if modified != "" {
+				opts.Modified = &modified
+			}
+
+			advisories, resp, err := client.SecurityAdvisories.ListGlobalSecurityAdvisories(ctx, opts)
+			if err != nil {
+				return nil, fmt.Errorf("failed to list global security advisories: %w", err)
+			}
+			defer func() { _ = resp.Body.Close() }()
+
+			if resp.StatusCode != http.StatusOK {
+				body, err := io.ReadAll(resp.Body)
+				if err != nil {
+					return nil, fmt.Errorf("failed to read response body: %w", err)
+				}
+				return mcp.NewToolResultError(fmt.Sprintf("failed to list advisories: %s", string(body))), nil
+			}
+
+			r, err := json.Marshal(advisories)
+			if err != nil {
+				return nil, fmt.Errorf("failed to marshal advisories: %w", err)
+			}
+
+			return mcp.NewToolResultText(string(r)), nil
+		}
+}
+
+func GetGlobalSecurityAdvisory(getClient GetClientFn, t translations.TranslationHelperFunc) (tool mcp.Tool, handler server.ToolHandlerFunc) {
+	return mcp.NewTool("get_global_security_advisory",
+			mcp.WithDescription(t("TOOL_GET_GLOBAL_SECURITY_ADVISORY_DESCRIPTION", "Get a global security advisory")),
+			mcp.WithToolAnnotation(mcp.ToolAnnotation{
+				Title:        t("TOOL_GET_GLOBAL_SECURITY_ADVISORY_USER_TITLE", "Get a global security advisory"),
+				ReadOnlyHint: ToBoolPtr(true),
+			}),
+			mcp.WithString("ghsaId",
+				mcp.Description("GitHub Security Advisory ID (format: GHSA-xxxx-xxxx-xxxx)."),
+				mcp.Required(),
+			),
+		), func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+			client, err := getClient(ctx)
+			if err != nil {
+				return nil, fmt.Errorf("failed to get GitHub client: %w", err)
+			}
+
+			ghsaID, err := RequiredParam[string](request, "ghsaId")
+			if err != nil {
+				return mcp.NewToolResultError(fmt.Sprintf("invalid ghsaId: %v", err)), nil
+			}
+
+			advisory, resp, err := client.SecurityAdvisories.GetGlobalSecurityAdvisories(ctx, ghsaID)
+			if err != nil {
+				return nil, fmt.Errorf("failed to get advisory: %w", err)
+			}
+			defer func() { _ = resp.Body.Close() }()
+
+			if resp.StatusCode != http.StatusOK {
+				body, err := io.ReadAll(resp.Body)
+				if err != nil {
+					return nil, fmt.Errorf("failed to read response body: %w", err)
+				}
+				return mcp.NewToolResultError(fmt.Sprintf("failed to get advisory: %s", string(body))), nil
+			}
+
+			r, err := json.Marshal(advisory)
+			if err != nil {
+				return nil, fmt.Errorf("failed to marshal advisory: %w", err)
+			}
+
+			return mcp.NewToolResultText(string(r)), nil
+		}
+}