Issues

This document uses the REST API. For more details, see the Authentication for API page.

List issues for a package

Query issues for a specific package version identified by Package URL (purl). Snyk returns only direct vulnerabilities. Transitive vulnerabilities (from dependencies) are not returned because they can vary depending on context.

GEThttps://api.snyk.io/rest/orgs/{org_id}/packages/{purl}/issues

Path parameters

purl*string

A URI-encoded Package URL (purl). Supported purl types are apk, cargo, cocoapods, composer, deb, gem, generic, golang, hex, maven, npm, nuget, pub, pypi, rpm, and swift. A version for the package is also required.

Example: "pkg%3Amaven%2Fcom.fasterxml.woodstox%2Fwoodstox-core%405.0.0"

org_id*string (uuid)

Unique identifier for an organization

Query parameters

Response

Returns an array of issues

Headers

Body

dataarray of CommonIssueModelVThree (object)

jsonapiJsonApi (object)

linksPaginatedLinks (object)

metaIssuesMeta (object)

Request

Response

List issues for a given set of packages (Currently not available to all customers)

This endpoint is not available to all customers. If you are interested please contact support. Query issues for a batch of packages identified by Package URL (purl). Only direct vulnerabilities are returned, transitive vulnerabilities (from dependencies) are not returned because they can vary depending on context.

POSThttps://api.snyk.io/rest/orgs/{org_id}/packages/issues

Path parameters

org_id*string (uuid)

Unique identifier for an organization

Query parameters

Body

data*object

Response

Returns an array of issues with the purl identifier of the package that caused them

Headers

Body

dataarray of CommonIssueModelVThree (object)

jsonapiJsonApi (object)

linksPaginatedLinks (object)

metaobject

Request

Response

Get issues by org ID

Get a list of an organization's issues.

GEThttps://api.snyk.io/rest/orgs/{org_id}/issues

Path parameters

org_id*string (uuid)

Org ID

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

Query parameters

Response

Returns a collection of issues.

Headers

Body

data*array of Issue (object)

jsonapi*JsonApi (object)

linksPaginatedLinks (object)

Request

Response

Get an issue

GEThttps://api.snyk.io/rest/orgs/{org_id}/issues/{issue_id}

Path parameters

org_id*string (uuid)

Org ID

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

issue_id*string (uuid)

Issue ID

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

Query parameters

Response

Returns an instance of an issue

Headers

Body

data*Issue (object)

A Snyk Issue.

jsonapi*JsonApi (object)

linksPaginatedLinks (object)

Request

Response

Get issues by group ID

Get a list of a group's issues.

GEThttps://api.snyk.io/rest/groups/{group_id}/issues

Path parameters

group_id*string (uuid)

Group ID

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

Query parameters

Response

Returns a collection of issues.

Headers

Body

data*array of Issue (object)

jsonapi*JsonApi (object)

linksPaginatedLinks (object)

Request

Response

Get an issue

GEThttps://api.snyk.io/rest/groups/{group_id}/issues/{issue_id}

Path parameters

group_id*string (uuid)

Group ID

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

issue_id*string (uuid)

Issue ID

Example: "4a18d42f-0706-4ad0-b127-24078731fbed"

Query parameters

Response

Returns an instance of an issue

Headers

Body

data*Issue (object)

A Snyk Issue.

jsonapi*JsonApi (object)

linksPaginatedLinks (object)

Request

Response

PreviousInvites NextJira (v1)

Last updated 3 months ago

{ "data": [ { "attributes": { "coordinates": [ { "remedies": [ { "description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability", "details": { "upgrade_package": "5.4.0,6.4.0" }, "type": "indeterminate" } ], "representations": [ { "resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)" } ] } ], "created_at": "2022-06-16T13:51:13Z", "description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.", "effective_severity_level": "info", "problems": [ { "disclosed_at": "2024-11-19T20:12:48.571Z", "discovered_at": "2024-11-19T20:12:48.571Z", "id": "CWE-61", "source": "CVE", "updated_at": "2024-11-19T20:12:48.571Z", "url": "https://example.com" } ], "severities": [ { "level": "medium", "score": 5.3, "source": "Snyk", "type": "primary", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "4.0" } ], "slots": { "disclosure_time": "2022-06-16T13:51:13Z", "exploit_details": { "maturity_levels": [ { "format": "CVSSv4", "level": "Attacked", "type": "primary" } ], "sources": [ "text" ] }, "publication_time": "2022-06-16T14:00:24.315507Z", "references": [ { "title": "text", "url": "text" } ] }, "title": "XML External Entity (XXE) Injection", "type": "package_vulnerability", "updated_at": "2022-06-16T14:00:24.315507Z" }, "id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754", "type": "issue" } ], "jsonapi": { "version": "1.0" }, "links": { "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K", "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K", "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K" }, "meta": { "package": { "name": "spring-core", "namespace": "org.springframework", "type": "maven", "url": "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0", "version": "1.0.0" } } }

{ "data": [ { "attributes": { "coordinates": [ { "remedies": [ { "description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability", "details": { "upgrade_package": "5.4.0,6.4.0" }, "type": "indeterminate" } ], "representations": [ { "resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)" } ] } ], "created_at": "2022-06-16T13:51:13Z", "description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.", "effective_severity_level": "info", "problems": [ { "disclosed_at": "2024-11-19T20:12:48.571Z", "discovered_at": "2024-11-19T20:12:48.571Z", "id": "CWE-61", "source": "CVE", "updated_at": "2024-11-19T20:12:48.571Z", "url": "https://example.com" } ], "severities": [ { "level": "medium", "score": 5.3, "source": "Snyk", "type": "primary", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "4.0" } ], "slots": { "disclosure_time": "2022-06-16T13:51:13Z", "exploit_details": { "maturity_levels": [ { "format": "CVSSv4", "level": "Attacked", "type": "primary" } ], "sources": [ "text" ] }, "publication_time": "2022-06-16T14:00:24.315507Z", "references": [ { "title": "text", "url": "text" } ] }, "title": "XML External Entity (XXE) Injection", "type": "package_vulnerability", "updated_at": "2022-06-16T14:00:24.315507Z" }, "id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754", "type": "issue" } ], "jsonapi": { "version": "1.0" }, "links": { "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K", "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K", "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K" }, "meta": { "errors": [ { "detail": "Not Found", "status": "404" } ] } }

{ "data": [ { "attributes": { "classes": [ { "id": "CWE-190", "source": "CWE", "type": "weakness" } ], "coordinates": [ { "is_fixable_manually": false, "is_fixable_snyk": false, "is_fixable_upstream": false, "is_patchable": false, "is_pinnable": false, "is_upgradeable": false, "reachability": "function", "remedies": [ { "correlation_id": "text", "description": "text", "meta": { "schema_version": "text" }, "type": "indeterminate" } ], "representations": [ { "resourcePath": "text" } ] } ], "created_at": "2024-11-19T20:12:48.571Z", "description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n", "effective_severity_level": "info", "ignored": false, "key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1", "problems": [ { "id": "SNYK-DEBIAN8-CURL-358558", "source": "snyk", "type": "rule" } ], "resolution": { "details": "text", "resolved_at": "2024-11-19T20:12:48.571Z", "type": "disappeared" }, "risk": { "factors": [ { "name": "deployed", "updated_at": "2023-09-07T13:36:37Z", "value": true } ], "score": { "model": "v4", "value": 700 } }, "status": "open", "title": "Insecure hash function used", "tool": "snyk://npm-deps", "type": "cloud", "updated_at": "2024-11-19T20:12:48.571Z" }, "id": "73832c6c-19ff-4a92-850c-2e1ff2800c16", "relationships": { "ignore": { "data": { "id": "a3952187-0d8e-45d8-9aa2-036642857b5d", "type": "ignore" } }, "organization": { "data": { "id": "a3952187-0d8e-45d8-9aa2-036642857b5b", "type": "organization" } }, "scan_item": { "data": { "id": "a3952187-0d8e-45d8-9aa2-036642857b5c", "type": "project" } }, "test_executions": { "data": [ { "id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef", "type": "test-workflow-execution" } ] } }, "type": "issue" } ], "jsonapi": { "version": "1.0" }, "links": { "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K", "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K", "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K" } }

{ "data": { "attributes": { "classes": [ { "id": "CWE-190", "source": "CWE", "type": "weakness" } ], "coordinates": [ { "is_fixable_manually": false, "is_fixable_snyk": false, "is_fixable_upstream": false, "is_patchable": false, "is_pinnable": false, "is_upgradeable": false, "reachability": "function", "remedies": [ { "correlation_id": "text", "description": "text", "meta": { "schema_version": "text" }, "type": "indeterminate" } ], "representations": [ { "resourcePath": "text" } ] } ], "created_at": "2024-11-19T20:12:48.571Z", "description": "Affected versions of this package are vulnerable to Prototype Pollution.\nThe utilities function allow modification of the `Object` prototype.\nIf an attacker can control part of the structure passed to this function,\nthey could add or modify an existing property.\n", "effective_severity_level": "info", "ignored": false, "key": "24018479-6bb1-4196-a41b-e54c7c5dcc82:1c6ddc45.7f41fd64.a214ef38.72ad650e.f0ecbaa5.18c3080a.b570850e.89112ac5.1a6d2cd5.71413d6f.a924ef28.71cdd50e.d0e1bea5.52c3a80a.1a0c4319.a9127ac5:1", "problems": [ { "id": "SNYK-DEBIAN8-CURL-358558", "source": "snyk", "type": "rule" } ], "resolution": { "details": "text", "resolved_at": "2024-11-19T20:12:48.571Z", "type": "disappeared" }, "risk": { "factors": [ { "name": "deployed", "updated_at": "2023-09-07T13:36:37Z", "value": true } ], "score": { "model": "v4", "value": 700 } }, "status": "open", "title": "Insecure hash function used", "tool": "snyk://npm-deps", "type": "cloud", "updated_at": "2024-11-19T20:12:48.571Z" }, "id": "73832c6c-19ff-4a92-850c-2e1ff2800c16", "relationships": { "ignore": { "data": { "id": "a3952187-0d8e-45d8-9aa2-036642857b5d", "type": "ignore" } }, "organization": { "data": { "id": "a3952187-0d8e-45d8-9aa2-036642857b5b", "type": "organization" } }, "scan_item": { "data": { "id": "a3952187-0d8e-45d8-9aa2-036642857b5c", "type": "project" } }, "test_executions": { "data": [ { "id": "0086e1bc-7c27-4f2e-9a99-5fe793ba4bef", "type": "test-workflow-execution" } ] } }, "type": "issue" }, "jsonapi": { "version": "1.0" }, "links": { "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K", "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K", "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K" } }