Get vulnerability

curl --request GET \
  --url https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities/{vulnerability} \
  --header 'Authorization: Bearer <token>'

{
  "vulnerability": {
    "id": "vc_01hxyz",
    "title": "Prototype Pollution in lodash",
    "severity": "high",
    "type": "dependency",
    "status": "open",
    "resolution": null,
    "confirmed": true,
    "triaged": false,
    "introduced_at": "2026-01-10T09:14:00Z",
    "vulnerable_at": "2026-01-10T09:14:00Z",
    "exploitable_at": null,
    "human_escalation_required_at": null,
    "fixed_at": null,
    "resolved_at": null,
    "created_at": "2026-01-10T09:14:00Z",
    "updated_at": "2026-01-12T11:02:00Z",
    "cwes": [
      {
        "id": "cwe_79",
        "cwe_id": "CWE-79",
        "name": "Cross-site Scripting"
      }
    ]
  },
  "repository": {
    "id": "repo_01hxyz",
    "name": "widgets",
    "full_name": "acme/widgets"
  },
  "reference": {
    "id": "ref_01hxyz",
    "ref": "main",
    "sha": "a1b2c3d4",
    "type": "branch"
  },
  "scan": {
    "id": "scan_01hxyz",
    "status": "completed",
    "ref": "main",
    "sha": "a1b2c3d4",
    "finished_at": "2026-01-14T17:45:00Z",
    "started_at": "2026-01-14T17:40:00Z"
  },
  "locations": {
    "display": {
      "id": "loc_01hxyz",
      "path": "package-lock.json",
      "line": 142,
      "fixed_at": null,
      "vulnerable_at": "2026-01-10T09:14:00Z",
      "exploitable_at": null,
      "is_vulnerable": true,
      "is_exploitable": false,
      "reference": {
        "id": "ref_01hxyz",
        "ref": "main"
      },
      "artifact": {
        "id": "dep_01hxyz",
        "type": "dependency"
      }
    },
    "summary": {
      "total": 1,
      "active": 1,
      "fixed": 0,
      "has_exploitable": false
    }
  },
  "details": {
    "type": "dependency",
    "package": {
      "id": "pkg_01hxyz",
      "purl": "pkg:npm/lodash@4.17.20",
      "type": "npm",
      "namespace": null,
      "name": "lodash",
      "version": "4.17.20",
      "repository_url": "https://github.com/lodash/lodash"
    },
    "identifiers": {
      "ghsa": "GHSA-xxxx-xxxx-xxxx",
      "cve": "CVE-2021-0000"
    }
  }
}

GET

{tenant_slug}

vulnerabilities

{vulnerability}

Get vulnerability

curl --request GET \
  --url https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities/{vulnerability} \
  --header 'Authorization: Bearer <token>'

{
  "vulnerability": {
    "id": "vc_01hxyz",
    "title": "Prototype Pollution in lodash",
    "severity": "high",
    "type": "dependency",
    "status": "open",
    "resolution": null,
    "confirmed": true,
    "triaged": false,
    "introduced_at": "2026-01-10T09:14:00Z",
    "vulnerable_at": "2026-01-10T09:14:00Z",
    "exploitable_at": null,
    "human_escalation_required_at": null,
    "fixed_at": null,
    "resolved_at": null,
    "created_at": "2026-01-10T09:14:00Z",
    "updated_at": "2026-01-12T11:02:00Z",
    "cwes": [
      {
        "id": "cwe_79",
        "cwe_id": "CWE-79",
        "name": "Cross-site Scripting"
      }
    ]
  },
  "repository": {
    "id": "repo_01hxyz",
    "name": "widgets",
    "full_name": "acme/widgets"
  },
  "reference": {
    "id": "ref_01hxyz",
    "ref": "main",
    "sha": "a1b2c3d4",
    "type": "branch"
  },
  "scan": {
    "id": "scan_01hxyz",
    "status": "completed",
    "ref": "main",
    "sha": "a1b2c3d4",
    "finished_at": "2026-01-14T17:45:00Z",
    "started_at": "2026-01-14T17:40:00Z"
  },
  "locations": {
    "display": {
      "id": "loc_01hxyz",
      "path": "package-lock.json",
      "line": 142,
      "fixed_at": null,
      "vulnerable_at": "2026-01-10T09:14:00Z",
      "exploitable_at": null,
      "is_vulnerable": true,
      "is_exploitable": false,
      "reference": {
        "id": "ref_01hxyz",
        "ref": "main"
      },
      "artifact": {
        "id": "dep_01hxyz",
        "type": "dependency"
      }
    },
    "summary": {
      "total": 1,
      "active": 1,
      "fixed": 0,
      "has_exploitable": false
    }
  },
  "details": {
    "type": "dependency",
    "package": {
      "id": "pkg_01hxyz",
      "purl": "pkg:npm/lodash@4.17.20",
      "type": "npm",
      "namespace": null,
      "name": "lodash",
      "version": "4.17.20",
      "repository_url": "https://github.com/lodash/lodash"
    },
    "identifiers": {
      "ghsa": "GHSA-xxxx-xxxx-xxxx",
      "cve": "CVE-2021-0000"
    }
  }
}

Authorizations

Authorization

string

header

required

Use a Cysmiq API token in the Authorization header: Bearer {token}.

Path Parameters

vulnerability

string

required

Vulnerability prefixed id (vc_...).

Query Parameters

include

string | null

Comma-separated includes: locations, snippet, advisory, secret, call_hierarchies, impacts.

Maximum string length: 255

locations_limit

integer | null

Max locations to include when include=locations (1-200). Default 50.

Required range: 1 <= x <= 200

Response

Vulnerability detail response.

vulnerability

object

required

Show child attributes

repository

object

required

Show child attributes

reference

object

required

Show child attributes

scan

object

required

Show child attributes

locations

object

required

Show child attributes

details

object

required

Show child attributes

List vulnerabilities

⌘I

Overview

Endpoints

Get vulnerability

Authorizations

Path Parameters

Query Parameters

Response