Updated on 2025-09-24 GMT+08:00

Querying the Vulnerability List

Function

This API is used to query the list of detected vulnerabilities.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/vulnerability/vulnerabilities

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

User project ID

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise user ID

type

No

String

Vulnerability type. The options are as follows:

-linux_vul: Linux vulnerability

-windows_vul: windows vulnerability

-web_cms: Web-CMS vulnerability

-app_vul: application vulnerability

vul_id

No

String

Vulnerability ID

vul_name

No

String

Vulnerability name

limit

No

Integer

Number of records displayed on each page

offset

No

Integer

Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0.

repair_priority

No

String

Fix Priority

Critical

High

Medium

Low

handle_status

No

String

description: |-

Handling status. The options are as follows:

- unhandled

- handled

cve_id

No

String

Vulnerability ID

label_list

No

String

Vulnerability tag

status

No

String

Vulnerability status

asset_value

No

String

Asset importance

important

common

test

group_name

No

String

Server group name

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

x-auth-token

Yes

String

User token.

It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

total_num

Long

Total number of software vulnerabilities

data_list

Array of VulInfo objects

Software vulnerability list

Table 5 VulInfo

Parameter

Type

Description

vul_name

String

Vulnerability name

vul_id

String

Vulnerability ID

label_list

Array of strings

Vulnerability tag

repair_necessity

String

Necessity to repair

severity_level

String

Vulnerability level

host_num

Integer

Number of affected servers

unhandle_host_num

Integer

Number of unhandled servers

scan_time

Long

Last scan time

solution_detail

String

Solution

url

String

Vulnerability URL

description

String

Vulnerability description

type

String

Vulnerability type. The options are as follows:

-linux_vul: Linux vulnerability

-windows_vul: windows vulnerability

-web_cms: Web-CMS vulnerability

-app_vul: application vulnerability

host_id_list

Array of strings

Host list

cve_list

Array of cve_list objects

CVE list

patch_url

String

Patch address

repair_priority

String

Fix Priority

Critical

High

Medium

Low

hosts_num

VulnerabilityHostNumberInfo object

Affected server

repair_success_num

Integer

Number of successful repairs

fixed_num

Long

Number of repairs

ignored_num

Long

Number of ignored items

verify_num

Integer

Number of verifications

Table 6 cve_list

Parameter

Type

Description

cve_id

String

CVE ID

cvss

Float

CVSS score

Table 7 VulnerabilityHostNumberInfo

Parameter

Type

Description

important

Integer

Number of important servers

common

Integer

Number of common servers

test

Integer

Number of test servers

Example Requests

Query the first 10 records in the vulnerability list whose project_id is 2b31ed520xxxxxxebedb6e57xxxxxxxx.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10

Example Responses

Status code: 200

vulnerability list

{
  "total_num" : 1,
  "data_list" : [ {
    "description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
    "host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
    "host_num" : 1,
    "scan_time" : 1661752185836,
    "severity_level" : "Critical",
    "repair_necessity" : "Critical",
    "solution_detail" : "To upgrade the affected software",
    "type" : "linux_vul",
    "unhandle_host_num" : 0,
    "url" : "https://ubuntu.com/security/CVE-2022-27405",
    "vul_id" : "USN-5528-1",
    "vul_name" : "USN-5528-1: FreeType vulnerabilities"
  } ]
}

Status Codes

Status Code

Description

200

vulnerability list

Error Codes

See Error Codes.