GET /{tenant_slug}/vulnerabilities
List vulnerabilities
curl --request GET \
  --url 'https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities?repo=acme/widgets' \
  --header 'Authorization: Bearer <token>'
{
  "repository": {
    "id": "repo_01hxyz",
    "full_name": "acme/widgets"
  },
  "reference": {
    "ref": "main",
    "sha": "a1b2c3d4"
  },
  "scan": {
    "id": "scan_01hxyz",
    "status": "completed",
    "finished_at": "2026-01-14T17:45:00Z"
  },
  "filters": {
    "confirmed": true,
    "triaged": null,
    "severity": [
      "high"
    ],
    "type": [
      "dependency"
    ]
  },
  "summary": {
    "total": 2,
    "by_severity": {
      "high": 2
    },
    "by_type": {
      "dependency": 2
    }
  },
  "items": [
    {
      "id": "vc_01hxyz",
      "title": "Prototype Pollution in lodash",
      "severity": "high",
      "type": "dependency",
      "status": "open",
      "resolution": null,
      "confirmed": true,
      "triaged": false,
      "introduced_at": "2026-01-10T09:14:00Z",
      "vulnerable_at": "2026-01-10T09:14:00Z",
      "exploitable_at": null,
      "location": {
        "path": "package-lock.json",
        "line": 142
      }
    }
  ],
  "next_cursor": null
}

Authorizations

Authorization
string
header
required

Use a Cysmiq API token in the Authorization header: Bearer {token}.

Path Parameters

tenant_slug
string
required

Workspace slug for the tenant context.

Query Parameters

repo
string
required

Repository identifier: prefixed id (repo_...) or org/name path.

Maximum string length: 255

ref
string | null

Branch or tag name. Defaults to the repository default branch.

Maximum string length: 255

sha
string | null

Commit SHA to scope the scan. Must be 7-40 hex chars.

Pattern: ^[0-9a-fA-F]{7,40}$

confirmed
boolean | null

Only confirmed vulnerabilities. Defaults to true.

triaged
enum<string> | null

Filter by triage state. Allowed: yes, no.

Available options: yes, no

severity
string | null

Comma-separated severities. Allowed: critical, high, medium, low.

Maximum string length: 255

type
string | null

Comma-separated types. Allowed: code, dependency, secret.

Maximum string length: 255

limit
integer | null

Max items per page (1-200). Default 50.

Required range: 1 <= x <= 200

cursor
string | null

Cursor for pagination from next_cursor.

Response

Vulnerability list response.

repository
object
required
reference
object
required
scan
object
required
filters
object
required
summary
object
required
items
object[]
required
next_cursor
string
required
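
A client for this endpoint that checks the documented parameter constraints before sending and follows next_cursor until it is null. This is an added example, not code from the Cysmiq documentation; the function names, the injectable fetch argument and the repeated-cursor guard are assumptions made for illustration.

```python
import json, re, urllib.parse, urllib.request

BASE = "https://app.cysmiq.com/api/v1"
SHA_RE = re.compile(r"[0-9a-fA-F]{7,40}")  # documented pattern, applied with fullmatch
ALLOWED = {"severity": {"critical", "high", "medium", "low"},
           "type": {"code", "dependency", "secret"}}

def build_query(repo, ref=None, sha=None, severity=None, vuln_type=None,
                limit=50, cursor=None):
    """Check parameters against the documented constraints before sending."""
    if not repo or len(repo) > 255:
        raise ValueError("repo is required (max 255 chars)")
    if sha is not None and not SHA_RE.fullmatch(sha):
        raise ValueError("sha must be 7-40 hex chars")
    if not 1 <= limit <= 200:
        raise ValueError("limit must be between 1 and 200")
    query = {"repo": repo, "limit": limit}
    for name, values in (("severity", severity), ("type", vuln_type)):
        if values:
            bad = set(values) - ALLOWED[name]
            if bad:
                raise ValueError(f"invalid {name}: {sorted(bad)}")
            query[name] = ",".join(values)  # comma-separated, as documented
    for name, value in (("ref", ref), ("sha", sha), ("cursor", cursor)):
        if value is not None:
            query[name] = value
    return query

def http_get(tenant_slug, query, token):
    """One GET; the token travels only in the Authorization header."""
    url = (f"{BASE}/{urllib.parse.quote(tenant_slug, safe='')}/vulnerabilities?"
           + urllib.parse.urlencode(query))
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_all(tenant_slug, token, fetch=http_get, **filters):
    """Yield every item, following next_cursor until it is null."""
    cursor, seen = None, set()
    while True:
        page = fetch(tenant_slug, build_query(cursor=cursor, **filters), token)
        yield from page["items"]
        cursor = page["next_cursor"]
        if cursor is None:
            return
        if cursor in seen:  # added guard (assumption): stop on a repeated cursor
            raise RuntimeError("next_cursor repeated")
        seen.add(cursor)
```

Pass a stub as fetch to exercise the pagination logic without network access.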