GET /vulnerabilities/{vulnerabilityId}

Get vulnerability by ID

curl --request GET \
  --url https://api.vanta.com/v1/vulnerabilities/{vulnerabilityId} \
  --header 'Authorization: Bearer <token>'

{
  "id": "a2f7e1b9d0c3f4e5a6c7b8d9",
  "name": "CVE-2021-12345",
  "description": "MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.",
  "integrationId": "Inspector",
  "packageIdentifier": "package",
  "vulnerabilityType": "COMMON",
  "targetId": "targetId",
  "firstDetectedDate": "2021-01-01T00:00:00.000Z",
  "sourceDetectedDate": "2021-01-01T00:00:00.000Z",
  "lastDetectedDate": "2021-01-01T00:00:00.000Z",
  "severity": "CRITICAL",
  "cvssSeverityScore": 9.8,
  "scannerScore": 100,
  "isFixable": true,
  "fixedVersion": "10.6.2",
  "remediateByDate": "2021-01-01T00:00:00.000Z",
  "relatedVulns": [
    "CVE-2021-12345"
  ],
  "relatedUrls": [
    "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-12345"
  ],
  "externalURL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-12345",
  "scanSource": "Not provided",
  "deactivateMetadata": {
    "deactivatedBy": "b2f7e1b9d0c3f4e5a6c7b123",
    "deactivatedOnDate": "2021-01-01T00:00:00.000Z",
    "deactivationReason": "fix is too hard to carry out",
    "deactivatedUntilDate": null,
    "isVulnDeactivatedIndefinitely": true
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

vulnerabilityId
string
required

Response

200 - application/json

Ok

id
string
required

Unique identifier for the vulnerability.

name
string
required

Display name of the vulnerability.

description
string
required

Description of the vulnerability.

integrationId
string
required

Integration that the vulnerability is scanned by.

packageIdentifier
string | null
required

Identifier for the package that the vulnerability is found on. Only relevant to vulnerabilities of type COMMON or GROUPED.

vulnerabilityType
enum<string>
required

Type of the vulnerability. Possible values: CONFIGURATION, COMMON, GROUPED.

Available options:
CONFIGURATION,
COMMON,
GROUPED

targetId
string
required

Unique identifier for the underlying resource that the vulnerability is found on.

firstDetectedDate
string<date-time>
required

Date when the vulnerability was first detected by Vanta.

sourceDetectedDate
string<date-time> | null
required

Date when the vulnerability was first detected by the source.

lastDetectedDate
string<date-time> | null
required

Date when the vulnerability was last detected.

severity
enum<string>
required

Severity of the vulnerability. Possible values: LOW, MEDIUM, HIGH, CRITICAL.

Available options:
CRITICAL,
HIGH,
LOW,
MEDIUM

cvssSeverityScore
number<double> | null
required

CVSS severity score of the vulnerability.

scannerScore
number<double> | null
required

Scanner score of the vulnerability.

isFixable
boolean
required

Whether the vulnerability is fixable.

remediateByDate
string<date-time> | null
required

Date when the vulnerability should be remediated by.

relatedVulns

Related vulnerabilities. Only relevant to vulnerabilities of type GROUPED.

relatedUrls

Related URLs.

externalURL
string
required

External URL for the vulnerability.

deactivateMetadata
object
required

Metadata for the deactivation of the vulnerability.

fixedVersion
string | null
required

Package version that remediates the vulnerability when reported by the scanner. Null when unknown or not applicable.

scanSource
string

Scanning tool that detected the vulnerability.
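
The following is an added example, not part of Vanta's documentation: a Python sketch that triages one response from this endpoint while handling the nullable fields (remediateByDate, fixedVersion, deactivatedUntilDate). The triage labels, the helper names, and the rule that a vulnerability counts as deactivated when isVulnDeactivatedIndefinitely is true or deactivatedUntilDate is still in the future are assumptions; the sample is constructed from the example response above.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a subset of the fields in the example response on this page.
SAMPLE = json.loads("""{
  "id": "a2f7e1b9d0c3f4e5a6c7b8d9",
  "name": "CVE-2021-12345",
  "severity": "CRITICAL",
  "cvssSeverityScore": 9.8,
  "isFixable": true,
  "fixedVersion": "10.6.2",
  "remediateByDate": "2021-01-01T00:00:00.000Z",
  "deactivateMetadata": {
    "deactivationReason": "fix is too hard to carry out",
    "deactivatedUntilDate": null,
    "isVulnDeactivatedIndefinitely": true
  }
}""")

def parse_ts(value):
    """Parse a date-time string as shown in the response; None stays None."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def is_deactivated(vuln, now):
    # Assumption: deactivation is in effect when flagged indefinite or when
    # deactivatedUntilDate is still in the future; absent metadata means active.
    meta = vuln.get("deactivateMetadata") or {}
    if meta.get("isVulnDeactivatedIndefinitely"):
        return True
    until = parse_ts(meta.get("deactivatedUntilDate"))
    return until is not None and until > now

def triage(vuln, now=None):
    """Return one of: DEACTIVATED, OVERDUE, PATCH_AVAILABLE, OPEN (hypothetical labels)."""
    now = now or datetime.now(timezone.utc)
    if is_deactivated(vuln, now):
        return "DEACTIVATED"
    due = parse_ts(vuln.get("remediateByDate"))
    if due is not None and due < now:
        return "OVERDUE"
    if vuln.get("isFixable") and vuln.get("fixedVersion"):
        return "PATCH_AVAILABLE"
    return "OPEN"

if __name__ == "__main__":
    print(SAMPLE["name"], SAMPLE["severity"], triage(SAMPLE))
```

Checking deactivation before the due date keeps accepted-risk findings out of the overdue queue, and re-evaluating on each fetch returns a finding to that queue once a temporary deactivation lapses.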