Skip to main content
GET
/
{tenant_slug}
/
vulnerabilities
List vulnerabilities
curl --request GET \
  --url https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities \
  --header 'Authorization: Bearer <token>'
import requests

url = "https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities"

headers = {"Authorization": "Bearer <token>"}

response = requests.get(url, headers=headers)

print(response.text)
const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

fetch('https://app.cysmiq.com/api/v1/{tenant_slug}/vulnerabilities', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
{
  "filters": {
    "repo": "acme/widgets",
    "ref": "main",
    "sha": null,
    "confirmed": true,
    "triaged": null,
    "state": null,
    "assignee": null,
    "sort": null,
    "severity": [
      "high"
    ],
    "type": [
      "dependency"
    ]
  },
  "summary": {
    "total": 2,
    "by_severity": {
      "high": 2
    },
    "by_type": {
      "dependency": 2
    }
  },
  "items": [
    {
      "id": "vc_01hxyz",
      "title": "Prototype Pollution in lodash",
      "repository": {
        "id": "repo_01hxyz",
        "name": "widgets",
        "full_name": "acme/widgets"
      },
      "severity": "high",
      "type": "dependency",
      "status": "open",
      "resolution": null,
      "confirmed": true,
      "triaged": false,
      "introduced_at": "2026-01-10T09:14:00Z",
      "vulnerable_at": "2026-01-10T09:14:00Z",
      "exploitable_at": null,
      "location": {
        "id": "loc_01hxyz",
        "path": "package-lock.json",
        "line": 142,
        "fixed_at": null,
        "vulnerable_at": "2026-01-10T09:14:00Z",
        "exploitable_at": null,
        "is_vulnerable": true,
        "is_exploitable": false,
        "reference": {
          "id": "ref_01hxyz",
          "ref": "main",
          "sha": "a1b2c3d4",
          "type": "branch"
        }
      }
    }
  ],
  "next_cursor": null
}

Authorizations

Authorization
string
header
required

Use a Cysmiq API token in the Authorization header: Bearer {token}.

Path Parameters

tenant_slug
string
required

Workspace slug for the tenant context.

Query Parameters

repo
string | null
Maximum string length: 255
application
string | null
Maximum string length: 255
ref
string | null
Maximum string length: 255
sha
string | null
Pattern: ^[0-9a-fA-F]{7,40}$
confirmed
boolean | null
triaged
enum<string> | null
Available options:
yes,
no
state
enum<string> | null
Available options:
open,
fixed,
accepted,
ignored,
rejected
assignee
string | null
Maximum string length: 255
severity
string | null
Maximum string length: 255
type
string | null
Maximum string length: 255
fields
string | null
Maximum string length: 500
sort
enum<string> | null
Available options:
severity,
newest,
oldest
limit
integer | null
Required range: 1 <= x <= 200
cursor
string | null

Response

Vulnerability list response.

filters
object
required
summary
object
required
items
object[]
required
next_cursor
string | null
required