Issues
Query issues for a specific package version identified by Package URL (purl). Snyk returns only direct vulnerabilities. Transitive vulnerabilities (from dependencies) are not returned because they can vary depending on context. For Maven packages, you can optionally include a checksum qualifier in the PURL to request checksum validation. The response will include metadata indicating whether the provided checksum matches Snyk's records. Vulnerabilities are always returned regardless of checksum match status; the validation metadata allows clients to interpret results appropriately.
Required permissions
View Organization (org.read)
API key value must be prefixed with "Token ".
A URI-encoded Package URL (purl). Supported purl types are apk, cargo, cocoapods, composer, conan, deb, gem, generic, golang, hex, maven, npm, nuget, pub, pypi, rpm, and swift. A version for the package is also required. Maven packages support an optional checksum qualifier to request checksum validation. When provided, the response will include checksum validation metadata indicating whether the package and checksum match records in Snyk's database. Checksum format: algorithm:hex_value (lowercase), for example sha1:ad9503c3e994a4f611a4892f2e67ac82df727086. Only one checksum is supported per request. Supported algorithms: md5, sha1, sha256, sha512.
pkg:maven/com.fasterxml.woodstox/[email protected]?checksum=sha1:ad9503c3e994a4f611a4892f2e67ac82df727086
Unique identifier for an organization
Requested API version
2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
Specify the number of results to skip before returning results. Must be greater than or equal to 0. Default is 0.
Specify the number of results to return. Must be greater than 0 and less than 1000. Default is 1000.
Returns an array of issues
Bad Request: A parameter provided as a part of the request was invalid.
Unauthorized: the request requires an authentication token.
Forbidden: the request requires an authentication token with more or different permissions.
Not Found: The resource being operated on could not be found.
Conflict: The requested operation conflicts with the current state of the resource in some way.
Internal Server Error: An error was encountered while attempting to process the request.
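An added example, not taken from Snyk's documentation or client code: it builds the URI-encoded purl with a validated checksum qualifier for the single-package query described above, then reads the checksum validation metadata separately from the issue list, since issues are returned whether or not the checksum matches. The purl `pkg:maven/com.example/demo-lib@1.0.0`, the helper names and the two response dictionaries are constructed, and reading `details.checksum: false` as a mismatch is an assumption.

```python
import hashlib
import re
from urllib.parse import quote

# Hex digest length for each checksum algorithm the endpoint accepts.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def checksum_qualifier(artifact: bytes, algorithm: str = "sha1") -> str:
    """Hash the artifact you actually hold and return 'algorithm:hex_value'."""
    if algorithm not in HEX_LEN:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    return f"{algorithm}:{hashlib.new(algorithm, artifact).hexdigest()}"


def validate_checksum(value: str) -> str:
    """Accept exactly one lowercase algorithm:hex pair of the right length."""
    algorithm, sep, digest = value.partition(":")
    if not sep or algorithm not in HEX_LEN:
        raise ValueError(f"bad checksum algorithm in {value!r}")
    if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algorithm], digest):
        raise ValueError(f"bad {algorithm} hex value in {value!r}")
    return value


def build_request(org_id, purl, checksum, api_key, version="2021-06-04"):
    """Return (path, headers) for the single-package query; sends nothing."""
    if "@" not in purl:
        raise ValueError("a package version is required in the purl")
    if checksum is not None:
        if not purl.startswith("pkg:maven/"):
            raise ValueError("the checksum qualifier is Maven-only")
        if "checksum=" in purl:
            raise ValueError("only one checksum is supported per request")
        joiner = "&" if "?" in purl else "?"
        purl = f"{purl}{joiner}checksum={validate_checksum(checksum)}"
    # safe="" also encodes '/', ':', '@', '?' and '=' so the purl stays one path segment.
    path = f"/rest/orgs/{org_id}/packages/{quote(purl, safe='')}/issues?version={version}"
    return path, {"Authorization": f"Token {api_key}", "Accept": "*/*"}


def triage(response: dict) -> dict:
    """Report the checksum verdict separately from the issues returned."""
    details = response.get("meta", {}).get("match", {}).get("details")
    if details is None:
        verdict = "not-validated"          # no checksum was sent
    elif not details.get("name_version"):
        verdict = "package-unknown"
    elif not details.get("checksum"):
        verdict = "checksum-mismatch"      # assumption: false means no match
    else:
        verdict = "verified"
    issues = [(i["id"], i["attributes"]["effective_severity_level"])
              for i in response.get("data", [])]
    return {"verdict": verdict, "issues": issues}


# Constructed responses, trimmed to the fields read above.
ISSUE = {"id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754", "type": "issue",
         "attributes": {"effective_severity_level": "info"}}
MATCHED = {"data": [ISSUE],
           "meta": {"match": {"details": {"checksum": True, "name_version": True}}}}
MISMATCHED = {"data": [ISSUE],
              "meta": {"match": {"details": {"checksum": False, "name_version": True}}}}

if __name__ == "__main__":
    qualifier = checksum_qualifier(b"constructed jar bytes")
    print(build_request("4a18d42f-0706-4ad0-b127-24078731fbed",
                        "pkg:maven/com.example/demo-lib@1.0.0", qualifier, "YOUR_API_KEY")[0])
    print(triage(MATCHED), triage(MISMATCHED))
```

A `checksum-mismatch` verdict means the returned issues describe the published name and version, not necessarily the file that was hashed, so a pipeline gate should treat it as its own finding.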
GET /rest/orgs/{org_id}/packages/{purl}/issues?version=text HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*
{
"data": [
{
"attributes": {
"coordinates": [
{
"remedies": [
{
"description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability",
"details": {
"upgrade_package": "5.4.0,6.4.0"
},
"type": "indeterminate"
}
],
"representations": [
{
"resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
}
]
}
],
"created_at": "2022-06-16T13:51:13Z",
"description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.",
"effective_severity_level": "info",
"problems": [
{
"disclosed_at": "2025-11-22T09:01:51.398Z",
"discovered_at": "2025-11-22T09:01:51.398Z",
"id": "CWE-61",
"source": "CVE",
"updated_at": "2025-11-22T09:01:51.398Z",
"url": "https://example.com"
}
],
"severities": [
{
"level": "medium",
"score": 5.3,
"source": "Snyk",
"type": "primary",
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "4.0"
}
],
"slots": {
"disclosure_time": "2022-06-16T13:51:13Z",
"exploit_details": {
"maturity_levels": [
{
"format": "CVSSv4",
"level": "Attacked",
"type": "primary"
}
],
"sources": [
"text"
]
},
"publication_time": "2022-06-16T14:00:24.315507Z",
"references": [
{
"title": "text",
"url": "text"
}
]
},
"title": "XML External Entity (XXE) Injection",
"type": "package_vulnerability",
"updated_at": "2022-06-16T14:00:24.315507Z"
},
"id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754",
"type": "issue"
}
],
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
},
"meta": {
"match": {
"description": "Package and checksum both match",
"details": {
"checksum": true,
"name_version": true
},
"input": {
"checksum": "sha1:abc123",
"purl": "pkg:maven/com.example/[email protected]?checksum=sha1:abc123"
},
"type": "full"
},
"package": {
"name": "spring-core",
"namespace": "org.springframework",
"type": "maven",
"url": "pkg:maven/com.fasterxml.woodstox/[email protected]",
"version": "1.0.0"
}
}
}
This endpoint is currently restricted and is not available to all customers. Query issues for a batch of packages identified by Package URL (purl). Only direct vulnerabilities are returned; transitive vulnerabilities (from dependencies) are not included as they can vary depending on the context.
Required permissions
View Organization (org.read)
API key value must be prefixed with "Token ".
Unique identifier for an organization
Requested API version
2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
Returns an array of issues with the purl identifier of the package that caused them
Bad Request: A parameter provided as a part of the request was invalid.
Unauthorized: the request requires an authentication token.
Forbidden: the request requires an authentication token with more or different permissions.
Not Found: The resource being operated on could not be found.
Conflict: The requested operation conflicts with the current state of the resource in some way.
Internal Server Error: An error was encountered while attempting to process the request.
POST /rest/orgs/{org_id}/packages/issues?version=text HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Content-Type: application/vnd.api+json
Accept: */*
Content-Length: 60
{
"data": {
"attributes": {
"purls": [
"text"
]
},
"type": "resource"
}
}
{
"data": [
{
"attributes": {
"coordinates": [
{
"remedies": [
{
"description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability",
"details": {
"upgrade_package": "5.4.0,6.4.0"
},
"type": "indeterminate"
}
],
"representations": [
{
"resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
}
]
}
],
"created_at": "2022-06-16T13:51:13Z",
"description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.",
"effective_severity_level": "info",
"problems": [
{
"disclosed_at": "2025-11-22T09:01:51.398Z",
"discovered_at": "2025-11-22T09:01:51.398Z",
"id": "CWE-61",
"source": "CVE",
"updated_at": "2025-11-22T09:01:51.398Z",
"url": "https://example.com"
}
],
"severities": [
{
"level": "medium",
"score": 5.3,
"source": "Snyk",
"type": "primary",
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "4.0"
}
],
"slots": {
"disclosure_time": "2022-06-16T13:51:13Z",
"exploit_details": {
"maturity_levels": [
{
"format": "CVSSv4",
"level": "Attacked",
"type": "primary"
}
],
"sources": [
"text"
]
},
"publication_time": "2022-06-16T14:00:24.315507Z",
"references": [
{
"title": "text",
"url": "text"
}
]
},
"title": "XML External Entity (XXE) Injection",
"type": "package_vulnerability",
"updated_at": "2022-06-16T14:00:24.315507Z"
},
"id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754",
"type": "issue"
}
],
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
},
"meta": {
"errors": [
{
"detail": "Not Found",
"status": "404"
}
],
"packages": {
"ANY_ADDITIONAL_PROPERTY": {
"match": {
"description": "Package and checksum both match",
"details": {
"checksum": true,
"name_version": true
},
"input": {
"checksum": "sha1:abc123",
"purl": "pkg:maven/com.example/[email protected]?checksum=sha1:abc123"
},
"type": "full"
},
"package": {
"name": "spring-core",
"namespace": "org.springframework",
"type": "maven",
"url": "pkg:maven/com.fasterxml.woodstox/[email protected]",
"version": "1.0.0"
}
}
}
}
}
Get a list of an organization's issues.
Required permissions
- View Organization (org.read)
- View Projects (org.project.read)
- View Project history (org.project.snapshot.read)
API key value must be prefixed with "Token ".
Org ID
4a18d42f-0706-4ad0-b127-24078731fbed
Requested API version
2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
Return the page of results immediately after this cursor
v1.eyJpZCI6IjEwMDAifQo=
Return the page of results immediately before this cursor
v1.eyJpZCI6IjExMDAifQo=
Number of results to return per page
10
Example: 10
A scan item ID to filter issues through their scan item relationship.
4a18d42f-0706-4ad0-b127-24078731fbee
Scan item types to filter issues through their scan item relationship.
project
Possible values:
The type of an issue.
cloud
Possible values:
A filter to select issues updated before this date.
A filter to select issues updated after this date.
A filter to select issues created before this date.
A filter to select issues created after this date.
Whether an issue is ignored or not.
Returns a collection of issues.
Unauthorized: the request requires an authentication token or a token with more permissions.
Unauthorized: the request requires an authentication token or a token with more permissions.
Not Found: The resource being operated on could not be found.
Internal Server Error: An error was encountered while attempting to process the request.
GET /rest/orgs/{org_id}/issues?version=text HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*
{
"data": [
{
"attributes": {
"classes": [
{
"id": "data",
"source": "snyk-cloud",
"type": "rule-category"
},
{
"id": "CIS-AWS_v1.3.0_2.1.2",
"source": "CIS-AWS_v1.3.0",
"type": "compliance"
},
{
"id": "CIS-AWS_v1.4.0_2.1.2",
"source": "CIS-AWS_v1.4.0",
"type": "compliance"
},
{
"id": "HIPAA_§164.306(a)",
"source": "HIPAA_v2013",
"type": "compliance"
},
{
"id": "HIPAA_§164.312(a)(2)(iv)",
"source": "HIPAA_v2013",
"type": "compliance"
},
{
"id": "HIPAA_v2013_164.312(e)(2)(ii)",
"source": "HIPAA_v2013",
"type": "compliance"
}
],
"coordinates": [
{
"remedies": [
{
"description": "1. Go to the AWS console\n2. Navigate to the S3 service page\n3. ...",
"type": "manual"
},
{
"description": "1. Find the corresponding AWS::S3::Bucket resource\n2. ...",
"type": "cloudformation"
},
{
"description": "1. Find the corresponding aws_s3_bucket resource\n2. ...",
"type": "terraform"
},
{
"description": "Buckets should not ...",
"type": "rule_result_message"
}
],
"representations": [
{
"cloud_resource": {
"environment": {
"id": "b50f2832-a901-565e-9e06-e4e59e8582b6",
"name": "Staging",
"native_id": "721018433921",
"type": "aws"
},
"resource": {
"id": "b50f2832-a901-565e-9e06-e4e59e8582b7",
"input_type": "cloud_scan",
"location": "us-east-1",
"name": "policy-test-remediation",
"native_id": "arn:aws:s3:::policy-test-remediation",
"platform": "aws",
"resource_type": "aws_s3_bucket",
"tags": {
"Stage": "Prod"
},
"type": "cloud"
}
}
}
]
}
],
"created_at": "2022-09-27T20:09:05Z",
"description": "To protect data in transit, an S3 bucket policy should deny all HTTP requests to its objects and allow only HTTPS requests. HTTPS uses Transport Layer Security (TLS) to encrypt data, which preserves integrity and prevents tampering.",
"effective_severity_level": "medium",
"ignored": false,
"key": "b50f2832-a901-565e-9e06-e4e59e8582b6",
"problems": [
{
"id": "SNYK-CC-00181",
"source": "snyk-cloud",
"type": "rule"
}
],
"resolution": {
"details": "rule_passed",
"resolved_at": "2022-09-28T20:09:05Z",
"type": "fixed"
},
"status": "resolved",
"title": "S3 bucket policies should only allow requests that use HTTPS",
"tool": "snyk://cloud",
"type": "cloud",
"updated_at": "2022-09-28T20:09:05Z"
},
"id": "d8db944b-d25a-477d-9c26-a63befad8ada",
"relationships": {
"organization": {
"data": {
"id": "81e93f62-135f-48bc-84d0-47f16822313f",
"type": "organization"
}
},
"scan_item": {
"data": {
"id": "24c8e771-ab3b-4e85-ac4f-f73950ba4acf",
"type": "environment"
}
}
},
"type": "issue"
}
],
"jsonapi": {
"version": "1.0"
}
}
Get an issue
Required permissions
- View Organization (org.read)
- View Projects (org.project.read)
- View Project history (org.project.snapshot.read)
API key value must be prefixed with "Token ".
Org ID
4a18d42f-0706-4ad0-b127-24078731fbed
Issue ID
4a18d42f-0706-4ad0-b127-24078731fbed
Requested API version
2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
Returns an instance of an issue
Bad Request: A parameter provided as a part of the request was invalid.
Unauthorized: the request requires an authentication token or a token with more permissions.
Unauthorized: the request requires an authentication token or a token with more permissions.
Not Found: The resource being operated on could not be found.
Conflict: The requested operation conflicts with the current state of the resource in some way.
Internal Server Error: An error was encountered while attempting to process the request.
GET /rest/orgs/{org_id}/issues/{issue_id}?version=text HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*
{
"data": {
"attributes": {
"classes": [
{
"id": "CWE-190",
"source": "CWE",
"type": "weakness"
}
],
"coordinates": [
{
"created_at": "2025-11-22T09:01:51.398Z",
"is_fixable_manually": true,
"is_fixable_snyk": true,
"is_fixable_upstream": true,
"is_patchable": true,
"is_pinnable": true,
"is_upgradeable": true,
"last_introduced_at": "2025-11-22T09:01:51.398Z",
"last_resolved_at": "2025-11-22T09:01:51.398Z",
"last_resolved_details": "text",
"reachability": "function",
"remedies": [
{
"correlation_id": "text",
"description": "text",
"meta": {
"data": {
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"schema_version": "text"
},
"type": "indeterminate"
}
],
"representations": [
{
"resourcePath": "text"
}
],
"state": "open",
"updated_at": "2025-11-22T09:01:51.398Z"
}
],
"created_at": "2025-11-22T09:01:51.398Z",
"description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n",
"effective_severity_level": "info",
"exploit_details": {
"maturity_levels": [
{
"format": "CVSS_v4",
"level": "attacked"
}
],
"sources": [
"CISA"
]
},
"ignored": true,
"key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1",
"key_asset": "1662bb2e-4c43-4f2c-83e1-ee5e0e009999",
"problems": [
{
"id": "SNYK-DEBIAN8-CURL-358558",
"source": "snyk",
"type": "rule"
}
],
"resolution": {
"details": "text",
"resolved_at": "2025-11-22T09:01:51.398Z",
"type": "disappeared"
},
"risk": {
"factors": [
{
"name": "deployed",
"updated_at": "2023-09-07T13:36:37Z",
"value": true
}
],
"score": {
"model": "v4",
"value": 700
}
},
"severities": [
{
"level": "medium",
"modification_time": "2025-11-22T09:01:51.398Z",
"score": 4.2,
"source": "snyk",
"vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
"version": "4.0"
}
],
"status": "open",
"title": "Insecure hash function used",
"tool": "snyk://npm-deps",
"type": "cloud",
"updated_at": "2025-11-22T09:01:51.398Z"
},
"id": "73832c6c-19ff-4a92-850c-2e1ff2800c16",
"relationships": {
"ignore": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5d",
"type": "ignore"
}
},
"organization": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5b",
"type": "organization"
}
},
"scan_item": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5c",
"type": "project"
}
},
"test_executions": {
"data": [
{
"id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef",
"type": "test-workflow-execution"
}
]
}
},
"type": "issue"
},
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
}
}
Get a list of a group's issues.
Required permissions
View Issues (group.issues.read)
API key value must be prefixed with "Token ".
Group ID
4a18d42f-0706-4ad0-b127-24078731fbed
Requested API version
2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
Return the page of results immediately after this cursor
v1.eyJpZCI6IjEwMDAifQo=
Return the page of results immediately before this cursor
v1.eyJpZCI6IjExMDAifQo=
Number of results to return per page
10
Example: 10
A scan item ID to filter issues through their scan item relationship.
4a18d42f-0706-4ad0-b127-24078731fbee
Scan item types to filter issues through their scan item relationship.
project
Possible values:
The type of an issue.
cloud
Possible values:
A filter to select issues updated before this date.
A filter to select issues updated after this date.
A filter to select issues created before this date.
A filter to select issues created after this date.
Whether an issue is ignored or not.
Returns a collection of issues.
Unauthorized: the request requires an authentication token or a token with more permissions.
Unauthorized: the request requires an authentication token or a token with more permissions.
Not Found: The resource being operated on could not be found.
Internal Server Error: An error was encountered while attempting to process the request.
GET /rest/groups/{group_id}/issues?version=text HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*
{
"data": [
{
"attributes": {
"classes": [
{
"id": "data",
"source": "snyk-cloud",
"type": "rule-category"
},
{
"id": "CIS-AWS_v1.3.0_2.1.2",
"source": "CIS-AWS_v1.3.0",
"type": "compliance"
},
{
"id": "CIS-AWS_v1.4.0_2.1.2",
"source": "CIS-AWS_v1.4.0",
"type": "compliance"
},
{
"id": "HIPAA_§164.306(a)",
"source": "HIPAA_v2013",
"type": "compliance"
},
{
"id": "HIPAA_§164.312(a)(2)(iv)",
"source": "HIPAA_v2013",
"type": "compliance"
},
{
"id": "HIPAA_v2013_164.312(e)(2)(ii)",
"source": "HIPAA_v2013",
"type": "compliance"
}
],
"coordinates": [
{
"remedies": [
{
"description": "1. Go to the AWS console\n2. Navigate to the S3 service page\n3. ...",
"type": "manual"
},
{
"description": "1. Find the corresponding AWS::S3::Bucket resource\n2. ...",
"type": "cloudformation"
},
{
"description": "1. Find the corresponding aws_s3_bucket resource\n2. ...",
"type": "terraform"
},
{
"description": "Buckets should not ...",
"type": "rule_result_message"
}
],
"representations": [
{
"cloud_resource": {
"environment": {
"id": "b50f2832-a901-565e-9e06-e4e59e8582b6",
"name": "Staging",
"native_id": "721018433921",
"type": "aws"
},
"resource": {
"id": "b50f2832-a901-565e-9e06-e4e59e8582b7",
"input_type": "cloud_scan",
"location": "us-east-1",
"name": "policy-test-remediation",
"native_id": "arn:aws:s3:::policy-test-remediation",
"platform": "aws",
"resource_type": "aws_s3_bucket",
"tags": {
"Stage": "Prod"
},
"type": "cloud"
}
}
}
]
}
],
"created_at": "2022-09-27T20:09:05Z",
"description": "To protect data in transit, an S3 bucket policy should deny all HTTP requests to its objects and allow only HTTPS requests. HTTPS uses Transport Layer Security (TLS) to encrypt data, which preserves integrity and prevents tampering.",
"effective_severity_level": "medium",
"ignored": false,
"key": "b50f2832-a901-565e-9e06-e4e59e8582b6",
"problems": [
{
"id": "SNYK-CC-00181",
"source": "snyk-cloud",
"type": "rule"
}
],
"resolution": {
"details": "rule_passed",
"resolved_at": "2022-09-28T20:09:05Z",
"type": "fixed"
},
"status": "resolved",
"title": "S3 bucket policies should only allow requests that use HTTPS",
"tool": "snyk://cloud",
"type": "cloud",
"updated_at": "2022-09-28T20:09:05Z"
},
"id": "d8db944b-d25a-477d-9c26-a63befad8ada",
"relationships": {
"organization": {
"data": {
"id": "81e93f62-135f-48bc-84d0-47f16822313f",
"type": "organization"
}
},
"scan_item": {
"data": {
"id": "24c8e771-ab3b-4e85-ac4f-f73950ba4acf",
"type": "environment"
}
}
},
"type": "issue"
}
],
"jsonapi": {
"version": "1.0"
}
}
Get an issue
Required permissions
View Issues (group.issues.read)
API key value must be prefixed with "Token ".
Group ID
4a18d42f-0706-4ad0-b127-24078731fbed
Issue ID
4a18d42f-0706-4ad0-b127-24078731fbed
Requested API version
2021-06-04
Pattern: ^(wip|work-in-progress|experimental|beta|((([0-9]{4})-([0-1][0-9]))-((3[01])|(0[1-9])|([12][0-9]))(~(wip|work-in-progress|experimental|beta))?))$
Returns an instance of an issue
Bad Request: A parameter provided as a part of the request was invalid.
Unauthorized: the request requires an authentication token or a token with more permissions.
Unauthorized: the request requires an authentication token or a token with more permissions.
Not Found: The resource being operated on could not be found.
Conflict: The requested operation conflicts with the current state of the resource in some way.
Internal Server Error: An error was encountered while attempting to process the request.
GET /rest/groups/{group_id}/issues/{issue_id}?version=text HTTP/1.1
Host: api.snyk.io
Authorization: YOUR_API_KEY
Accept: */*
{
"data": {
"attributes": {
"classes": [
{
"id": "CWE-190",
"source": "CWE",
"type": "weakness"
}
],
"coordinates": [
{
"created_at": "2025-11-22T09:01:51.398Z",
"is_fixable_manually": true,
"is_fixable_snyk": true,
"is_fixable_upstream": true,
"is_patchable": true,
"is_pinnable": true,
"is_upgradeable": true,
"last_introduced_at": "2025-11-22T09:01:51.398Z",
"last_resolved_at": "2025-11-22T09:01:51.398Z",
"last_resolved_details": "text",
"reachability": "function",
"remedies": [
{
"correlation_id": "text",
"description": "text",
"meta": {
"data": {
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"schema_version": "text"
},
"type": "indeterminate"
}
],
"representations": [
{
"resourcePath": "text"
}
],
"state": "open",
"updated_at": "2025-11-22T09:01:51.398Z"
}
],
"created_at": "2025-11-22T09:01:51.398Z",
"description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n",
"effective_severity_level": "info",
"exploit_details": {
"maturity_levels": [
{
"format": "CVSS_v4",
"level": "attacked"
}
],
"sources": [
"CISA"
]
},
"ignored": true,
"key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1",
"key_asset": "1662bb2e-4c43-4f2c-83e1-ee5e0e009999",
"problems": [
{
"id": "SNYK-DEBIAN8-CURL-358558",
"source": "snyk",
"type": "rule"
}
],
"resolution": {
"details": "text",
"resolved_at": "2025-11-22T09:01:51.398Z",
"type": "disappeared"
},
"risk": {
"factors": [
{
"name": "deployed",
"updated_at": "2023-09-07T13:36:37Z",
"value": true
}
],
"score": {
"model": "v4",
"value": 700
}
},
"severities": [
{
"level": "medium",
"modification_time": "2025-11-22T09:01:51.398Z",
"score": 4.2,
"source": "snyk",
"vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:A",
"version": "4.0"
}
],
"status": "open",
"title": "Insecure hash function used",
"tool": "snyk://npm-deps",
"type": "cloud",
"updated_at": "2025-11-22T09:01:51.398Z"
},
"id": "73832c6c-19ff-4a92-850c-2e1ff2800c16",
"relationships": {
"ignore": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5d",
"type": "ignore"
}
},
"organization": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5b",
"type": "organization"
}
},
"scan_item": {
"data": {
"id": "a3952187-0d8e-45d8-9aa2-036642857b5c",
"type": "project"
}
},
"test_executions": {
"data": [
{
"id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef",
"type": "test-workflow-execution"
}
]
}
},
"type": "issue"
},
"jsonapi": {
"version": "1.0"
},
"links": {
"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
}
}

