Querying the Vulnerability List

Function

This API is used to query the list of detected vulnerabilities.

URI

GET /v5/{project_id}/vulnerability/vulnerabilities

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Enterprise project ID. The value 0 indicates the default enterprise project. To query all enterprise projects, set this parameter to all_granted_eps.
type	No	String	Vulnerability type. Its value can be: -linux_vul -windows_vul -web_cms
vul_id	No	String	Vulnerability ID
vul_name	No	String	Vulnerability name
limit	No	Integer	Number of records displayed on each page
offset	No	Integer	Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	IAM token. It can be obtained by calling the IAM API used to obtain an IAM token. The value of X-Subject-Token in the response header is a token.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total_num	Long	Total number of vulnerabilities
data_list	Array of VulInfo objects	Software vulnerability list

**Table 5** VulInfo
Parameter	Type	Description
vul_name	String	Vulnerability name
vul_id	String	Vulnerability ID
label_list	Array of strings	Vulnerability tag
repair_necessity	String	Repair necessity Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console. High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console. Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console. Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.
severity_level	String	Severity Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console. High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console. Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console. Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.
host_num	Integer	Number of affected servers
unhandle_host_num	Integer	Number of unprocessed servers, excluding ignored and fixed servers.
scan_time	Long	Last scanned, in ms.
solution_detail	String	Vulnerability fixing guide
url	String	Vulnerability URL
description	String	Vulnerability description
type	String	Vulnerability type. Its value can be: -linux_vul -windows_vul -web_cms
host_id_list	Array of strings	List of servers that can handle the vulnerability
hosts_num	VulnerabilityHostNumberInfo object	Affected server

**Table 6** VulnerabilityHostNumberInfo
Parameter	Type	Description
important	Integer	Number of important servers
common	Integer	Number of common servers
test	Integer	Number of test servers

Example Requests

Query the first 10 records in the vulnerability list whose project_id is 2b31ed520xxxxxxebedb6e57xxxxxxxx.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10

Example Responses

Status code: 200

vulnerability list

{
  "total_num" : 1,
  "data_list" : [ {
    "description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
    "host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
    "host_num" : 1,
    "scan_time" : 1661752185836,
    "severity_level" : "Critical",
    "repair_necessity" : "Critical",
    "solution_detail" : "To upgrade the affected software",
    "type" : "linux_vul",
    "unhandle_host_num" : 0,
    "url" : "https://ubuntu.com/security/CVE-2022-27405",
    "vul_id" : "USN-5528-1",
    "vul_name" : "USN-5528-1: FreeType vulnerabilities"
  } ]
}

Status Codes

Status Code	Description
200	vulnerability list

Error Codes

See Error Codes.

Parent Topic: Vulnerability Management

Previous topic: Vulnerability Management

Next topic: Querying the Servers Affected by a Vulnerability

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.