Querying the Vulnerability List

Function

This API is used to query the list of detected vulnerabilities.

URI

GET /v5/{project_id}/vulnerability/vulnerabilities

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID

Minimum: 1

Maximum: 256
Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise project ID. The value 0 indicates the default enterprise project. To query all enterprise projects, set this parameter to all_granted_eps.

Default: 0

Minimum: 0

Maximum: 256

type

No

String

Vulnerability type. Its value can be: -linux_vul -windows_vul -web_cms

Minimum: 0

Maximum: 32

vul_id

No

String

Vulnerability ID

Minimum: 0

Maximum: 256

vul_name

No

String

Vulnerability name

Minimum: 0

Maximum: 256

limit

No

Integer

Number of records displayed on each page

Minimum: 0

Maximum: 200

Default: 10

offset

No

Integer

Offset, which specifies the start position of the record to be returned.

Minimum: 0

Maximum: 2000000

Default: 0

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token.

Minimum: 1

Maximum: 32768

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

total_num

Long

Total number of vulnerabilities

Minimum: 0

Maximum: 2147483647

data_list

Array of VulInfo objects

Software vulnerability list

Array Length: 0 - 2147483647
Table 5 VulInfo

Parameter

Type

Description

vul_name

String

Vulnerability name

Minimum: 0

Maximum: 256

vul_id

String

Vulnerability ID

Minimum: 0

Maximum: 64

label_list

Array of strings

Vulnerability tag

Minimum: 0

Maximum: 65534

Array Length: 0 - 2147483647

repair_necessity

String

Repair necessity

  • Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console.

  • High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console.

  • Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console.

  • Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.

severity_level

String

Severity

  • Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console.

  • High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console.

  • Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console.

  • Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.

host_num

Integer

Number of affected servers

Minimum: 0

Maximum: 2147483647

unhandle_host_num

Integer

Number of unprocessed servers, excluding ignored and fixed servers.

Minimum: 0

Maximum: 2147483647

scan_time

Long

Last scanned, in ms.

Minimum: 0

Maximum: 9223372036854775807

solution_detail

String

Vulnerability fixing guide

Minimum: 0

Maximum: 65534

url

String

Vulnerability URL

Minimum: 0

Maximum: 2083

description

String

Vulnerability description

Minimum: 0

Maximum: 65534

type

String

Vulnerability type. Its value can be:-linux_vul -windows_vul -web_cms

host_id_list

Array of strings

List of servers that can handle the vulnerability

Minimum: 0

Maximum: 128

Array Length: 0 - 2147483647

hosts_num

VulnerabilityHostNumberInfo object

Number of affected servers
Table 6 VulnerabilityHostNumberInfo

Parameter

Type

Description

important

Integer

Number of important servers

Minimum: 0

Maximum: 10000

common

Integer

Number of common servers

Minimum: 0

Maximum: 10000

test

Integer

Number of test servers

Minimum: 0

Maximum: 10000

Example Requests

Query the first 10 records in the vulnerability list whose project_id is 2b31ed520xxxxxxebedb6e57xxxxxxxx.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10

Example Responses

Status code: 200

vulnerability list

{
  "total_num" : 1,
  "data_list" : [ {
    "description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
    "host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
    "host_num" : 1,
    "scan_time" : 1661752185836,
    "severity_level" : "Critical",
    "repair_necessity" : "Critical",
    "solution_detail" : "To upgrade the affected software",
    "type" : "linux_vul",
    "unhandle_host_num" : 0,
    "url" : "https://ubuntu.com/security/CVE-2022-27405",
    "vul_id" : "USN-5528-1",
    "vul_name" : "USN-5528-1: FreeType vulnerabilities"
  } ]
}

Status Codes

Status Code

Description

200

vulnerability list

Error Codes

See Error Codes.

Parent topic: Vulnerability Management