Issues | Snyk User Docs

List issues for a package

get

Query issues for a specific package version identified by Package URL (purl). Snyk returns only direct vulnerabilities. Transitive vulnerabilities (from dependencies) are not returned because they can vary depending on context.

Authorizations

Path parameters

purlstringrequired

A URI-encoded Package URL (purl). Supported purl types are apk, cargo, cocoapods, composer, deb, gem, generic, golang, hex, maven, npm, nuget, pub, pypi, rpm, and swift. A version for the package is also required.

Example: pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0

org_idstring · uuidrequired

Unique identifier for an organization

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

offsetnumberoptional

Specify the number of results to skip before returning results. Must be greater than or equal to 0. Default is 0.

limitnumberoptional

Specify the number of results to return. Must be greater than 0 and less than 1000. Default is 1000.

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/orgs/{org_id}/packages/{purl}/issues?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

400

401

403

404

409

500

{
  "data": [
    {
      "attributes": {
        "coordinates": [
          {
            "remedies": [
              {
                "description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability",
                "details": {
                  "upgrade_package": "5.4.0,6.4.0"
                },
                "type": "indeterminate"
              }
            ],
            "representations": [
              {
                "resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
              }
            ]
          }
        ],
        "created_at": "2022-06-16T13:51:13Z",
        "description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.",
        "effective_severity_level": "info",
        "problems": [
          {
            "disclosed_at": "2025-03-25T16:23:08.632Z",
            "discovered_at": "2025-03-25T16:23:08.632Z",
            "id": "CWE-61",
            "source": "CVE",
            "updated_at": "2025-03-25T16:23:08.632Z",
            "url": "https://example.com"
          }
        ],
        "severities": [
          {
            "level": "medium",
            "score": 5.3,
            "source": "Snyk",
            "type": "primary",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "4.0"
          }
        ],
        "slots": {
          "disclosure_time": "2022-06-16T13:51:13Z",
          "exploit_details": {
            "maturity_levels": [
              {
                "format": "CVSSv4",
                "level": "Attacked",
                "type": "primary"
              }
            ],
            "sources": [
              "text"
            ]
          },
          "publication_time": "2022-06-16T14:00:24.315507Z",
          "references": [
            {
              "title": "text",
              "url": "text"
            }
          ]
        },
        "title": "XML External Entity (XXE) Injection",
        "type": "package_vulnerability",
        "updated_at": "2022-06-16T14:00:24.315507Z"
      },
      "id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754",
      "type": "issue"
    }
  ],
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
    "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
    "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
  },
  "meta": {
    "package": {
      "name": "spring-core",
      "namespace": "org.springframework",
      "type": "maven",
      "url": "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0",
      "version": "1.0.0"
    }
  }
}

Returns an array of issues

List issues for a given set of packages (Currently not available to all customers)

post

This endpoint is currently restricted and is not available to all customers. Query issues for a batch of packages identified by Package URL (purl). Only direct vulnerabilities are returned; transitive vulnerabilities (from dependencies) are not included as they can vary depending on the context.

Authorizations

Path parameters

org_idstring · uuidrequired

Unique identifier for an organization

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

Body

dataobjectrequired

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url 'https://api.snyk.io/rest/orgs/{org_id}/packages/issues?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --header 'Content-Type: application/vnd.api+json' \
  --data '{
    "data": {
      "attributes": {
        "purls": [
          "text"
        ]
      },
      "type": "resource"
    }
  }'

200

400

401

403

404

409

500

{
  "data": [
    {
      "attributes": {
        "coordinates": [
          {
            "remedies": [
              {
                "description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability",
                "details": {
                  "upgrade_package": "5.4.0,6.4.0"
                },
                "type": "indeterminate"
              }
            ],
            "representations": [
              {
                "resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
              }
            ]
          }
        ],
        "created_at": "2022-06-16T13:51:13Z",
        "description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.",
        "effective_severity_level": "info",
        "problems": [
          {
            "disclosed_at": "2025-03-25T16:23:08.632Z",
            "discovered_at": "2025-03-25T16:23:08.632Z",
            "id": "CWE-61",
            "source": "CVE",
            "updated_at": "2025-03-25T16:23:08.632Z",
            "url": "https://example.com"
          }
        ],
        "severities": [
          {
            "level": "medium",
            "score": 5.3,
            "source": "Snyk",
            "type": "primary",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "4.0"
          }
        ],
        "slots": {
          "disclosure_time": "2022-06-16T13:51:13Z",
          "exploit_details": {
            "maturity_levels": [
              {
                "format": "CVSSv4",
                "level": "Attacked",
                "type": "primary"
              }
            ],
            "sources": [
              "text"
            ]
          },
          "publication_time": "2022-06-16T14:00:24.315507Z",
          "references": [
            {
              "title": "text",
              "url": "text"
            }
          ]
        },
        "title": "XML External Entity (XXE) Injection",
        "type": "package_vulnerability",
        "updated_at": "2022-06-16T14:00:24.315507Z"
      },
      "id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754",
      "type": "issue"
    }
  ],
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
    "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
    "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
  },
  "meta": {
    "errors": [
      {
        "detail": "Not Found",
        "status": "404"
      }
    ]
  }
}

Returns an array of issues with the purl identifier of the package that caused them

Get issues by org ID

get

Get a list of an organization's issues.

Authorizations

Path parameters

org_idstring · uuidrequired

Org ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

starting_afterstringoptional

Return the page of results immediately after this cursor

Example: v1.eyJpZCI6IjEwMDAifQo=

ending_beforestringoptional

Return the page of results immediately before this cursor

Example: v1.eyJpZCI6IjExMDAifQo=

limitinteger · int32 · min: 10 · max: 100 · default: 10optional

Number of results to return per page

Example: 10

scan_item.idstring · uuidoptional

A scan item id to filter issues through their scan item relationship.

Example: 4a18d42f-0706-4ad0-b127-24078731fbee

scan_item.typestring · enumoptional

A scan item types to filter issues through their scan item relationship.

Example: project

Options: project, environment

typestring · enumoptional

The type of an issue.

Example: cloud

Options: package_vulnerability, license, cloud, code, custom, config

updated_beforestring · date-timeoptional

A filter to select issues updated before this date.

updated_afterstring · date-timeoptional

A filter to select issues updated after this date.

created_beforestring · date-timeoptional

A filter to select issues created before this date.

created_afterstring · date-timeoptional

A filter to select issues created after this date.

effective_severity_levelstring · enum[]optional

One or more effective severity levels to filter issues.

statusstring · enum[]optional

An issue's status

ignoredbooleanoptional

Whether an issue is ignored or not.

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/orgs/{org_id}/issues?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

401

403

404

500

An example of a list issue response for a Cloud issue.

An example of a list issue response for a Code issue.

An example of a list issue response for an Infrastructure as Code issue.

An example of a list issue response for an Open Source issue.

{
  "data": [
    {
      "attributes": {
        "classes": [
          {
            "id": "data",
            "source": "snyk-cloud",
            "type": "rule-category"
          },
          {
            "id": "CIS-AWS_v1.3.0_2.1.2",
            "source": "CIS-AWS_v1.3.0",
            "type": "compliance"
          },
          {
            "id": "CIS-AWS_v1.4.0_2.1.2",
            "source": "CIS-AWS_v1.4.0",
            "type": "compliance"
          },
          {
            "id": "HIPAA_§164.306(a)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          },
          {
            "id": "HIPAA_§164.312(a)(2)(iv)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          },
          {
            "id": "HIPAA_v2013_164.312(e)(2)(ii)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          }
        ],
        "coordinates": [
          {
            "remedies": [
              {
                "description": "1. Go to the AWS console\n2. Navigate to the S3 service page\n3. ...",
                "type": "manual"
              },
              {
                "description": "1. Find the corresponding AWS::S3::Bucket resource\n2. ...",
                "type": "cloudformation"
              },
              {
                "description": "1. Find the corresponding aws_s3_bucket resource\n2. ...",
                "type": "terraform"
              },
              {
                "description": "Buckets should not ...",
                "type": "rule_result_message"
              }
            ],
            "representations": [
              {
                "cloud_resource": {
                  "environment": {
                    "id": "b50f2832-a901-565e-9e06-e4e59e8582b6",
                    "name": "Staging",
                    "native_id": "721018433921",
                    "type": "aws"
                  },
                  "resource": {
                    "id": "b50f2832-a901-565e-9e06-e4e59e8582b7",
                    "input_type": "cloud_scan",
                    "location": "us-east-1",
                    "name": "policy-test-remediation",
                    "native_id": "arn:aws:s3:::policy-test-remediation",
                    "platform": "aws",
                    "resource_type": "aws_s3_bucket",
                    "tags": {
                      "Stage": "Prod"
                    },
                    "type": "cloud"
                  }
                }
              }
            ]
          }
        ],
        "created_at": "2022-09-27T20:09:05Z",
        "description": "To protect data in transit, an S3 bucket policy should deny all HTTP requests to its objects and allow only HTTPS requests. HTTPS uses Transport Layer Security (TLS) to encrypt data, which preserves integrity and prevents tampering.",
        "effective_severity_level": "medium",
        "ignored": false,
        "key": "b50f2832-a901-565e-9e06-e4e59e8582b6",
        "problems": [
          {
            "id": "SNYK-CC-00181",
            "source": "snyk-cloud",
            "type": "rule"
          }
        ],
        "resolution": {
          "details": "rule_passed",
          "resolved_at": "2022-09-28T20:09:05Z",
          "type": "fixed"
        },
        "status": "resolved",
        "title": "S3 bucket policies should only allow requests that use HTTPS",
        "tool": "snyk://cloud",
        "type": "cloud",
        "updated_at": "2022-09-28T20:09:05Z"
      },
      "id": "d8db944b-d25a-477d-9c26-a63befad8ada",
      "relationships": {
        "organization": {
          "data": {
            "id": "81e93f62-135f-48bc-84d0-47f16822313f",
            "type": "organization"
          }
        },
        "scan_item": {
          "data": {
            "id": "24c8e771-ab3b-4e85-ac4f-f73950ba4acf",
            "type": "environment"
          }
        }
      },
      "type": "issue"
    }
  ],
  "jsonapi": {
    "version": "1.0"
  }
}

Returns a collection of issues.

Get an issue

get

Get an issue

Authorizations

Path parameters

org_idstring · uuidrequired

Org ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

issue_idstring · uuidrequired

Issue ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/orgs/{org_id}/issues/{issue_id}?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

400

401

403

404

409

500

{
  "data": {
    "attributes": {
      "classes": [
        {
          "id": "CWE-190",
          "source": "CWE",
          "type": "weakness"
        }
      ],
      "coordinates": [
        {
          "is_fixable_manually": true,
          "is_fixable_snyk": true,
          "is_fixable_upstream": true,
          "is_patchable": true,
          "is_pinnable": true,
          "is_upgradeable": true,
          "reachability": "function",
          "remedies": [
            {
              "correlation_id": "text",
              "description": "text",
              "meta": {
                "data": {
                  "ANY_ADDITIONAL_PROPERTY": "anything"
                },
                "schema_version": "text"
              },
              "type": "indeterminate"
            }
          ],
          "representations": [
            {
              "resourcePath": "text"
            }
          ]
        }
      ],
      "created_at": "2025-03-25T16:23:08.632Z",
      "description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n",
      "effective_severity_level": "info",
      "exploit_details": {
        "maturity_levels": [
          {
            "format": "CVSS_v4",
            "level": "attacked"
          }
        ],
        "sources": [
          "CISA"
        ]
      },
      "ignored": true,
      "key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1",
      "problems": [
        {
          "id": "SNYK-DEBIAN8-CURL-358558",
          "source": "snyk",
          "type": "rule"
        }
      ],
      "resolution": {
        "details": "text",
        "resolved_at": "2025-03-25T16:23:08.632Z",
        "type": "disappeared"
      },
      "risk": {
        "factors": [
          {
            "name": "deployed",
            "updated_at": "2023-09-07T13:36:37Z",
            "value": true
          }
        ],
        "score": {
          "model": "v4",
          "value": 700
        }
      },
      "severities": [
        {
          "level": "medium",
          "modification_time": "2025-03-25T16:23:08.632Z",
          "score": 4.2,
          "source": "snyk",
          "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
          "version": "4.0"
        }
      ],
      "status": "open",
      "title": "Insecure hash function used",
      "tool": "snyk://npm-deps",
      "type": "cloud",
      "updated_at": "2025-03-25T16:23:08.632Z"
    },
    "id": "73832c6c-19ff-4a92-850c-2e1ff2800c16",
    "relationships": {
      "ignore": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5d",
          "type": "ignore"
        }
      },
      "organization": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5b",
          "type": "organization"
        }
      },
      "scan_item": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5c",
          "type": "project"
        }
      },
      "test_executions": {
        "data": [
          {
            "id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef",
            "type": "test-workflow-execution"
          }
        ]
      }
    },
    "type": "issue"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
    "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
    "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
  }
}

Returns an instance of an issue

Get issues by group ID

get

Get a list of a group's issues.

Authorizations

Path parameters

group_idstring · uuidrequired

Group ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

starting_afterstringoptional

Return the page of results immediately after this cursor

Example: v1.eyJpZCI6IjEwMDAifQo=

ending_beforestringoptional

Return the page of results immediately before this cursor

Example: v1.eyJpZCI6IjExMDAifQo=

limitinteger · int32 · min: 10 · max: 100 · default: 10optional

Number of results to return per page

Example: 10

scan_item.idstring · uuidoptional

A scan item id to filter issues through their scan item relationship.

Example: 4a18d42f-0706-4ad0-b127-24078731fbee

scan_item.typestring · enumoptional

A scan item types to filter issues through their scan item relationship.

Example: project

Options: project, environment

typestring · enumoptional

The type of an issue.

Example: cloud

Options: package_vulnerability, license, cloud, code, custom, config

updated_beforestring · date-timeoptional

A filter to select issues updated before this date.

updated_afterstring · date-timeoptional

A filter to select issues updated after this date.

created_beforestring · date-timeoptional

A filter to select issues created before this date.

created_afterstring · date-timeoptional

A filter to select issues created after this date.

effective_severity_levelstring · enum[]optional

One or more effective severity levels to filter issues.

statusstring · enum[]optional

An issue's status

ignoredbooleanoptional

Whether an issue is ignored or not.

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/groups/{group_id}/issues?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

401

403

404

500

An example of a list issue response for a Cloud issue.

An example of a list issue response for a Code issue.

An example of a list issue response for an Infrastructure as Code issue.

An example of a list issue response for an Open Source issue.

{
  "data": [
    {
      "attributes": {
        "classes": [
          {
            "id": "data",
            "source": "snyk-cloud",
            "type": "rule-category"
          },
          {
            "id": "CIS-AWS_v1.3.0_2.1.2",
            "source": "CIS-AWS_v1.3.0",
            "type": "compliance"
          },
          {
            "id": "CIS-AWS_v1.4.0_2.1.2",
            "source": "CIS-AWS_v1.4.0",
            "type": "compliance"
          },
          {
            "id": "HIPAA_§164.306(a)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          },
          {
            "id": "HIPAA_§164.312(a)(2)(iv)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          },
          {
            "id": "HIPAA_v2013_164.312(e)(2)(ii)",
            "source": "HIPAA_v2013",
            "type": "compliance"
          }
        ],
        "coordinates": [
          {
            "remedies": [
              {
                "description": "1. Go to the AWS console\n2. Navigate to the S3 service page\n3. ...",
                "type": "manual"
              },
              {
                "description": "1. Find the corresponding AWS::S3::Bucket resource\n2. ...",
                "type": "cloudformation"
              },
              {
                "description": "1. Find the corresponding aws_s3_bucket resource\n2. ...",
                "type": "terraform"
              },
              {
                "description": "Buckets should not ...",
                "type": "rule_result_message"
              }
            ],
            "representations": [
              {
                "cloud_resource": {
                  "environment": {
                    "id": "b50f2832-a901-565e-9e06-e4e59e8582b6",
                    "name": "Staging",
                    "native_id": "721018433921",
                    "type": "aws"
                  },
                  "resource": {
                    "id": "b50f2832-a901-565e-9e06-e4e59e8582b7",
                    "input_type": "cloud_scan",
                    "location": "us-east-1",
                    "name": "policy-test-remediation",
                    "native_id": "arn:aws:s3:::policy-test-remediation",
                    "platform": "aws",
                    "resource_type": "aws_s3_bucket",
                    "tags": {
                      "Stage": "Prod"
                    },
                    "type": "cloud"
                  }
                }
              }
            ]
          }
        ],
        "created_at": "2022-09-27T20:09:05Z",
        "description": "To protect data in transit, an S3 bucket policy should deny all HTTP requests to its objects and allow only HTTPS requests. HTTPS uses Transport Layer Security (TLS) to encrypt data, which preserves integrity and prevents tampering.",
        "effective_severity_level": "medium",
        "ignored": false,
        "key": "b50f2832-a901-565e-9e06-e4e59e8582b6",
        "problems": [
          {
            "id": "SNYK-CC-00181",
            "source": "snyk-cloud",
            "type": "rule"
          }
        ],
        "resolution": {
          "details": "rule_passed",
          "resolved_at": "2022-09-28T20:09:05Z",
          "type": "fixed"
        },
        "status": "resolved",
        "title": "S3 bucket policies should only allow requests that use HTTPS",
        "tool": "snyk://cloud",
        "type": "cloud",
        "updated_at": "2022-09-28T20:09:05Z"
      },
      "id": "d8db944b-d25a-477d-9c26-a63befad8ada",
      "relationships": {
        "organization": {
          "data": {
            "id": "81e93f62-135f-48bc-84d0-47f16822313f",
            "type": "organization"
          }
        },
        "scan_item": {
          "data": {
            "id": "24c8e771-ab3b-4e85-ac4f-f73950ba4acf",
            "type": "environment"
          }
        }
      },
      "type": "issue"
    }
  ],
  "jsonapi": {
    "version": "1.0"
  }
}

Returns a collection of issues.

Get an issue

get

Get an issue

Authorizations

Path parameters

group_idstring · uuidrequired

Group ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

issue_idstring · uuidrequired

Issue ID

Example: 4a18d42f-0706-4ad0-b127-24078731fbed

Query parameters

versionstringrequired

Requested API version

Example: 2021-06-04

Pattern:

^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$

Responses

application/vnd.api+json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'https://api.snyk.io/rest/groups/{group_id}/issues/{issue_id}?version=text' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

200

400

401

403

404

409

500

{
  "data": {
    "attributes": {
      "classes": [
        {
          "id": "CWE-190",
          "source": "CWE",
          "type": "weakness"
        }
      ],
      "coordinates": [
        {
          "is_fixable_manually": true,
          "is_fixable_snyk": true,
          "is_fixable_upstream": true,
          "is_patchable": true,
          "is_pinnable": true,
          "is_upgradeable": true,
          "reachability": "function",
          "remedies": [
            {
              "correlation_id": "text",
              "description": "text",
              "meta": {
                "data": {
                  "ANY_ADDITIONAL_PROPERTY": "anything"
                },
                "schema_version": "text"
              },
              "type": "indeterminate"
            }
          ],
          "representations": [
            {
              "resourcePath": "text"
            }
          ]
        }
      ],
      "created_at": "2025-03-25T16:23:08.632Z",
      "description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n",
      "effective_severity_level": "info",
      "exploit_details": {
        "maturity_levels": [
          {
            "format": "CVSS_v4",
            "level": "attacked"
          }
        ],
        "sources": [
          "CISA"
        ]
      },
      "ignored": true,
      "key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1",
      "problems": [
        {
          "id": "SNYK-DEBIAN8-CURL-358558",
          "source": "snyk",
          "type": "rule"
        }
      ],
      "resolution": {
        "details": "text",
        "resolved_at": "2025-03-25T16:23:08.632Z",
        "type": "disappeared"
      },
      "risk": {
        "factors": [
          {
            "name": "deployed",
            "updated_at": "2023-09-07T13:36:37Z",
            "value": true
          }
        ],
        "score": {
          "model": "v4",
          "value": 700
        }
      },
      "severities": [
        {
          "level": "medium",
          "modification_time": "2025-03-25T16:23:08.632Z",
          "score": 4.2,
          "source": "snyk",
          "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
          "version": "4.0"
        }
      ],
      "status": "open",
      "title": "Insecure hash function used",
      "tool": "snyk://npm-deps",
      "type": "cloud",
      "updated_at": "2025-03-25T16:23:08.632Z"
    },
    "id": "73832c6c-19ff-4a92-850c-2e1ff2800c16",
    "relationships": {
      "ignore": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5d",
          "type": "ignore"
        }
      },
      "organization": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5b",
          "type": "organization"
        }
      },
      "scan_item": {
        "data": {
          "id": "a3952187-0d8e-45d8-9aa2-036642857b5c",
          "type": "project"
        }
      },
      "test_executions": {
        "data": [
          {
            "id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef",
            "type": "test-workflow-execution"
          }
        ]
      }
    },
    "type": "issue"
  },
  "jsonapi": {
    "version": "1.0"
  },
  "links": {
    "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
    "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
    "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
  }
}

Returns an instance of an issue

List issues for a package

List issues for a given set of packages (Currently not available to all customers)

Show child attributes

Get issues by org ID

Show child attributes

Show child attributes

Get an issue

Get issues by group ID

Show child attributes

Show child attributes

Get an issue