GitHub Advisories (GHSA) is a database of CVEs and GitHub-originated security advisories affecting the open source world. Advisories may or may not be documented in the National Vulnerability Database.

Dependency-Track integrates with GHSA by mirroring advisories via GitHub’s public GraphQL API. The mirror is refreshed daily, or upon restart of the Dependency-Track instance. A personal access token (PAT) is required in order to authenticate with GitHub, but no scopes have to be assigned to it. GitHub provides guidance on how to create a PAT here.