Updated on 2025-09-22 GMT+08:00

Querying the Vulnerability List

Function

This API is used to query the list of detected vulnerabilities.

URI

GET /v5/{project_id}/vulnerability/vulnerabilities

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise project ID. The value 0 indicates the default enterprise project. To query all enterprise projects, set this parameter to all_granted_eps.

type

No

String

Vulnerability type. Its value can be:

-linux_vul

-windows_vul

-web_cms

vul_id

No

String

Vulnerability ID

vul_name

No

String

Vulnerability name

limit

No

Integer

Number of records displayed on each page

offset

No

Integer

Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0.

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

IAM token.

It can be obtained by calling the IAM API used to obtain an IAM token. The value of X-Subject-Token in the response header is a token.

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

total_num

Long

Total number of vulnerabilities

data_list

Array of VulInfo objects

Software vulnerability list

Table 5 VulInfo

Parameter

Type

Description

vul_name

String

Vulnerability name

vul_id

String

Vulnerability ID

label_list

Array of strings

Vulnerability tag

repair_necessity

String

Repair necessity

  • Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console.

  • High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console.

  • Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console.

  • Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.

severity_level

String

Severity

  • Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console.

  • High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console.

  • Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console.

  • Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.

host_num

Integer

Number of affected servers

unhandle_host_num

Integer

Number of unprocessed servers, excluding ignored and fixed servers.

scan_time

Long

Last scanned, in ms.

solution_detail

String

Vulnerability fixing guide

url

String

Vulnerability URL

description

String

Vulnerability description

type

String

Vulnerability type. Its value can be:

-linux_vul

-windows_vul

-web_cms

host_id_list

Array of strings

List of servers that can handle the vulnerability

hosts_num

VulnerabilityHostNumberInfo object

Affected server

Table 6 VulnerabilityHostNumberInfo

Parameter

Type

Description

important

Integer

Number of important servers

common

Integer

Number of common servers

test

Integer

Number of test servers

Example Requests

Query the first 10 records in the vulnerability list whose project_id is 2b31ed520xxxxxxebedb6e57xxxxxxxx.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10

Example Responses

Status code: 200

vulnerability list

{
  "total_num" : 1,
  "data_list" : [ {
    "description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
    "host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
    "host_num" : 1,
    "scan_time" : 1661752185836,
    "severity_level" : "Critical",
    "repair_necessity" : "Critical",
    "solution_detail" : "To upgrade the affected software",
    "type" : "linux_vul",
    "unhandle_host_num" : 0,
    "url" : "https://ubuntu.com/security/CVE-2022-27405",
    "vul_id" : "USN-5528-1",
    "vul_name" : "USN-5528-1: FreeType vulnerabilities"
  } ]
}

Status Codes

Status Code

Description

200

vulnerability list

Error Codes

See Error Codes.