Issues
Last updated
Last updated
This endpoint is not available to all customers. If you are interested please contact support. Query issues for a batch of packages identified by Package URL (purl). Only direct vulnerabilities are returned, transitive vulnerabilities (from dependencies) are not returned because they can vary depending on context.
Unique identifier for an organization
Returns an array of issues with the purl identifier of the package that caused them
const response = await fetch('https://api.snyk.io/rest/orgs/{org_id}/packages/issues?version=text', {
method: 'POST',
headers: {
"Content-Type": "application/vnd.api+json"
},
body: JSON.stringify({
"data": {
"attributes": {
"purls": [
"text"
]
}
}
}),
});
const data = await response.json();{
"data": [
{
"attributes": {
"coordinates": [
{
"remedies": [
{
"description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability",
"details": {
"upgrade_package": "5.4.0,6.4.0"
},
"type": "indeterminate"
}
],
"representations": [
{
"resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
}
]
}
],
"created_at": "2022-06-16T13:51:13Z",
"description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.",
"effective_severity_level": "info",
"problems": [
{
"disclosed_at": "2025-01-22T03:27:07.155Z",
"discovered_at": "2025-01-22T03:27:07.155Z",
"id": "CWE-61",
"source": "CVE",
"updated_at": "2025-01-22T03:27:07.155Z",
"url": "https://example.com"
}
],
"severities": [
{
"level": "medium",
"score": 5.3,
"source": "Snyk",
"type": "primary",
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "4.0"
}
],
"slots": {
"disclosure_time": "2022-06-16T13:51:13Z",
"exploit_details": {
"maturity_levels": [
{
"format": "CVSSv4",
"level": "Attacked",
"type": "primary"
}
],
"sources": [
"text"
]
},
"publication_time": "2022-06-16T14:00:24.315507Z",
"references": [
{
"title": "text",
"url": "text"
}
]
},
"title": "XML External Entity (XXE) Injection",
"type": "package_vulnerability",
"updated_at": "2022-06-16T14:00:24.315507Z"
},
"id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754",
"type": "issue"
}
],
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
},
"meta": {
"errors": [
{
"detail": "Not Found",
"status": "404"
}
]
}
}Query issues for a specific package version identified by Package URL (purl). Snyk returns only direct vulnerabilities. Transitive vulnerabilities (from dependencies) are not returned because they can vary depending on context.
A URI-encoded Package URL (purl). Supported purl types are apk, cargo, cocoapods, composer, deb, gem, generic, golang, hex, maven, npm, nuget, pub, pypi, rpm, and swift. A version for the package is also required.
"pkg%3Amaven%2Fcom.fasterxml.woodstox%2Fwoodstox-core%405.0.0"Unique identifier for an organization
Returns an array of issues
const response = await fetch('https://api.snyk.io/rest/orgs/{org_id}/packages/{purl}/issues?version=text', {
method: 'GET',
headers: {},
});
const data = await response.json();{
"data": [
{
"attributes": {
"coordinates": [
{
"remedies": [
{
"description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability",
"details": {
"upgrade_package": "5.4.0,6.4.0"
},
"type": "indeterminate"
}
],
"representations": [
{
"resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
}
]
}
],
"created_at": "2022-06-16T13:51:13Z",
"description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.",
"effective_severity_level": "info",
"problems": [
{
"disclosed_at": "2025-01-22T03:27:07.155Z",
"discovered_at": "2025-01-22T03:27:07.155Z",
"id": "CWE-61",
"source": "CVE",
"updated_at": "2025-01-22T03:27:07.155Z",
"url": "https://example.com"
}
],
"severities": [
{
"level": "medium",
"score": 5.3,
"source": "Snyk",
"type": "primary",
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "4.0"
}
],
"slots": {
"disclosure_time": "2022-06-16T13:51:13Z",
"exploit_details": {
"maturity_levels": [
{
"format": "CVSSv4",
"level": "Attacked",
"type": "primary"
}
],
"sources": [
"text"
]
},
"publication_time": "2022-06-16T14:00:24.315507Z",
"references": [
{
"title": "text",
"url": "text"
}
]
},
"title": "XML External Entity (XXE) Injection",
"type": "package_vulnerability",
"updated_at": "2022-06-16T14:00:24.315507Z"
},
"id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754",
"type": "issue"
}
],
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
},
"meta": {
"package": {
"name": "spring-core",
"namespace": "org.springframework",
"type": "maven",
"url": "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0",
"version": "1.0.0"
}
}
}Get a list of a group's issues.
Group ID
"4a18d42f-0706-4ad0-b127-24078731fbed"Returns a collection of issues.
const response = await fetch('https://api.snyk.io/rest/groups/{group_id}/issues?version=text', {
method: 'GET',
headers: {},
});
const data = await response.json();{
"data": [
{
"attributes": {
"classes": [
{
"id": "CWE-190",
"source": "CWE",
"type": "weakness"
}
],
"coordinates": [
{
"is_fixable_manually": false,
"is_fixable_snyk": false,
"is_fixable_upstream": false,
"is_patchable": false,
"is_pinnable": false,
"is_upgradeable": false,
"reachability": "function",
"remedies": [
{
"correlation_id": "text",
"description": "text",
"meta": {
"schema_version": "text"
},
"type": "indeterminate"
}
],
"representations": [
{
"resourcePath": "text"
}
]
}
],
"created_at": "2025-01-22T03:27:07.155Z",
"description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n",
"effective_severity_level": "info",
"exploit_details": {
"maturity_levels": [
{
"format": "CVSS_v4",
"level": "attacked"
}
],
"sources": [
"CISA"
]
},
"ignored": false,
"key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1",
"problems": [
{
"id": "SNYK-DEBIAN8-CURL-358558",
"source": "snyk",
"type": "rule"
}
],
"resolution": {
"details": "text",
"resolved_at": "2025-01-22T03:27:07.155Z",
"type": "disappeared"
},
"risk": {
"factors": [
{
"name": "deployed",
"updated_at": "2023-09-07T13:36:37Z",
"value": true
}
],
"score": {
"model": "v4",
"value": 700
}
},
"severities": [
{
"level": "medium",
"modification_time": "2025-01-22T03:27:07.155Z",
"score": 4.2,
"source": "snyk",
"vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
"version": "4.0"
}
],
"status": "open",
"title": "Insecure hash function used",
"tool": "snyk://npm-deps",
"type": "cloud",
"updated_at": "2025-01-22T03:27:07.155Z"
},
"id": "73832c6c-19ff-4a92-850c-2e1ff2800c16",
"relationships": {
"ignore": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5d",
"type": "ignore"
}
},
"organization": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5b",
"type": "organization"
}
},
"scan_item": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5c",
"type": "project"
}
},
"test_executions": {
"data": [
{
"id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef",
"type": "test-workflow-execution"
}
]
}
},
"type": "issue"
}
],
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
}
}Get a list of an organization's issues.
Org ID
"4a18d42f-0706-4ad0-b127-24078731fbed"Returns a collection of issues.
const response = await fetch('https://api.snyk.io/rest/orgs/{org_id}/issues?version=text', {
method: 'GET',
headers: {},
});
const data = await response.json();{
"data": [
{
"attributes": {
"classes": [
{
"id": "CWE-190",
"source": "CWE",
"type": "weakness"
}
],
"coordinates": [
{
"is_fixable_manually": false,
"is_fixable_snyk": false,
"is_fixable_upstream": false,
"is_patchable": false,
"is_pinnable": false,
"is_upgradeable": false,
"reachability": "function",
"remedies": [
{
"correlation_id": "text",
"description": "text",
"meta": {
"schema_version": "text"
},
"type": "indeterminate"
}
],
"representations": [
{
"resourcePath": "text"
}
]
}
],
"created_at": "2025-01-22T03:27:07.155Z",
"description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n",
"effective_severity_level": "info",
"exploit_details": {
"maturity_levels": [
{
"format": "CVSS_v4",
"level": "attacked"
}
],
"sources": [
"CISA"
]
},
"ignored": false,
"key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1",
"problems": [
{
"id": "SNYK-DEBIAN8-CURL-358558",
"source": "snyk",
"type": "rule"
}
],
"resolution": {
"details": "text",
"resolved_at": "2025-01-22T03:27:07.155Z",
"type": "disappeared"
},
"risk": {
"factors": [
{
"name": "deployed",
"updated_at": "2023-09-07T13:36:37Z",
"value": true
}
],
"score": {
"model": "v4",
"value": 700
}
},
"severities": [
{
"level": "medium",
"modification_time": "2025-01-22T03:27:07.155Z",
"score": 4.2,
"source": "snyk",
"vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
"version": "4.0"
}
],
"status": "open",
"title": "Insecure hash function used",
"tool": "snyk://npm-deps",
"type": "cloud",
"updated_at": "2025-01-22T03:27:07.155Z"
},
"id": "73832c6c-19ff-4a92-850c-2e1ff2800c16",
"relationships": {
"ignore": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5d",
"type": "ignore"
}
},
"organization": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5b",
"type": "organization"
}
},
"scan_item": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5c",
"type": "project"
}
},
"test_executions": {
"data": [
{
"id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef",
"type": "test-workflow-execution"
}
]
}
},
"type": "issue"
}
],
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
}
}Get an issue
Org ID
"4a18d42f-0706-4ad0-b127-24078731fbed"Issue ID
"4a18d42f-0706-4ad0-b127-24078731fbed"Returns an instance of an issue
A Snyk Issue.
const response = await fetch('https://api.snyk.io/rest/orgs/{org_id}/issues/{issue_id}?version=text', {
method: 'GET',
headers: {},
});
const data = await response.json();{
"data": {
"attributes": {
"classes": [
{
"id": "CWE-190",
"source": "CWE",
"type": "weakness"
}
],
"coordinates": [
{
"is_fixable_manually": false,
"is_fixable_snyk": false,
"is_fixable_upstream": false,
"is_patchable": false,
"is_pinnable": false,
"is_upgradeable": false,
"reachability": "function",
"remedies": [
{
"correlation_id": "text",
"description": "text",
"meta": {
"schema_version": "text"
},
"type": "indeterminate"
}
],
"representations": [
{
"resourcePath": "text"
}
]
}
],
"created_at": "2025-01-22T03:27:07.155Z",
"description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n",
"effective_severity_level": "info",
"exploit_details": {
"maturity_levels": [
{
"format": "CVSS_v4",
"level": "attacked"
}
],
"sources": [
"CISA"
]
},
"ignored": false,
"key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1",
"problems": [
{
"id": "SNYK-DEBIAN8-CURL-358558",
"source": "snyk",
"type": "rule"
}
],
"resolution": {
"details": "text",
"resolved_at": "2025-01-22T03:27:07.155Z",
"type": "disappeared"
},
"risk": {
"factors": [
{
"name": "deployed",
"updated_at": "2023-09-07T13:36:37Z",
"value": true
}
],
"score": {
"model": "v4",
"value": 700
}
},
"severities": [
{
"level": "medium",
"modification_time": "2025-01-22T03:27:07.155Z",
"score": 4.2,
"source": "snyk",
"vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
"version": "4.0"
}
],
"status": "open",
"title": "Insecure hash function used",
"tool": "snyk://npm-deps",
"type": "cloud",
"updated_at": "2025-01-22T03:27:07.155Z"
},
"id": "73832c6c-19ff-4a92-850c-2e1ff2800c16",
"relationships": {
"ignore": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5d",
"type": "ignore"
}
},
"organization": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5b",
"type": "organization"
}
},
"scan_item": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5c",
"type": "project"
}
},
"test_executions": {
"data": [
{
"id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef",
"type": "test-workflow-execution"
}
]
}
},
"type": "issue"
},
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
}
}Get an issue
Group ID
"4a18d42f-0706-4ad0-b127-24078731fbed"Issue ID
"4a18d42f-0706-4ad0-b127-24078731fbed"Returns an instance of an issue
A Snyk Issue.
const response = await fetch('https://api.snyk.io/rest/groups/{group_id}/issues/{issue_id}?version=text', {
method: 'GET',
headers: {},
});
const data = await response.json();{
"data": {
"attributes": {
"classes": [
{
"id": "CWE-190",
"source": "CWE",
"type": "weakness"
}
],
"coordinates": [
{
"is_fixable_manually": false,
"is_fixable_snyk": false,
"is_fixable_upstream": false,
"is_patchable": false,
"is_pinnable": false,
"is_upgradeable": false,
"reachability": "function",
"remedies": [
{
"correlation_id": "text",
"description": "text",
"meta": {
"schema_version": "text"
},
"type": "indeterminate"
}
],
"representations": [
{
"resourcePath": "text"
}
]
}
],
"created_at": "2025-01-22T03:27:07.155Z",
"description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n",
"effective_severity_level": "info",
"exploit_details": {
"maturity_levels": [
{
"format": "CVSS_v4",
"level": "attacked"
}
],
"sources": [
"CISA"
]
},
"ignored": false,
"key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1",
"problems": [
{
"id": "SNYK-DEBIAN8-CURL-358558",
"source": "snyk",
"type": "rule"
}
],
"resolution": {
"details": "text",
"resolved_at": "2025-01-22T03:27:07.155Z",
"type": "disappeared"
},
"risk": {
"factors": [
{
"name": "deployed",
"updated_at": "2023-09-07T13:36:37Z",
"value": true
}
],
"score": {
"model": "v4",
"value": 700
}
},
"severities": [
{
"level": "medium",
"modification_time": "2025-01-22T03:27:07.155Z",
"score": 4.2,
"source": "snyk",
"vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
"version": "4.0"
}
],
"status": "open",
"title": "Insecure hash function used",
"tool": "snyk://npm-deps",
"type": "cloud",
"updated_at": "2025-01-22T03:27:07.155Z"
},
"id": "73832c6c-19ff-4a92-850c-2e1ff2800c16",
"relationships": {
"ignore": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5d",
"type": "ignore"
}
},
"organization": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5b",
"type": "organization"
}
},
"scan_item": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5c",
"type": "project"
}
},
"test_executions": {
"data": [
{
"id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef",
"type": "test-workflow-execution"
}
]
}
},
"type": "issue"
},
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
}
}