GET /api/v1/repositories/{repositoryId}/vulnerabilities
List vulnerabilities for a repository
curl --request GET \
  --url https://app.gecko.security/api/v1/repositories/{repositoryId}/vulnerabilities \
  --header 'X-API-Key: <api-key>'

{
  "version": "v1",
  "repository": "gecko-security/Paperbaum",
  "data": [
    {
      "id": "3b8d0e21-4c2f-5e3d-0b44-2edf9d8b2e12",
      "scanId": "11111111-1111-1111-1111-111111111111",
      "scanName": "Weekly Security Scan",
      "scanCreatedAt": "2025-08-02T08:00:00.000Z",
      "severity": 7.5,
      "confidenceScore": 9,
      "title": "Path Traversal in File Download",
      "type": "LFI",
      "cwe": "CWE-22",
      "filePath": "api/files/download.py",
      "shortDescription": "User-controlled path allows reading arbitrary files.",
      "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
    }
  ],
  "pagination": {
    "total": 5,
    "limit": 100,
    "offset": 0,
    "hasMore": false
  },
  "filters": {
    "severity": null,
    "type": null,
    "cwe": null,
    "days": 7
  }
}

Authorizations

X-API-Key
string
header
required

Team-scoped Gecko API key. Keys start with gk_.

Path Parameters

repositoryId
string
required

URL-encoded repository path, for example gecko-security%2FPaperbaum or gitlab:group%2Fproject.

Query Parameters

severity
number

Filter to vulnerabilities with a severity greater than or equal to this value.

Required range: 0 <= x <= 10

type
string

Filter vulnerabilities by type. Gecko performs a case-insensitive substring match.

cwe
string

Filter vulnerabilities by CWE. Gecko performs a case-insensitive substring match.

days
integer

Filter results to scans created within the last N days.

Required range: x >= 1

limit
integer
default:100

Maximum number of results to return. Gecko defaults to 100 and caps the value at 1000.

Required range: 1 <= x <= 1000

offset
integer
default:0

Number of results to skip before Gecko starts returning rows.

Required range: x >= 0

Response

A paginated list of vulnerabilities for the repository.

version
string
required

Allowed value: "v1"

repository
string
required

data
object[]
required

pagination
object
required

filters
object
required
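
A paginating client for this endpoint, as an added example (not Gecko's own code). It encodes the repository path the way the Path Parameters section shows, enforces the documented parameter ranges before sending, and follows `pagination.hasMore` by advancing `offset`. The function names, the injectable `fetch` transport and the `GECKO_API_KEY` environment variable are assumptions made for illustration.

```python
import json
import os
import urllib.parse
import urllib.request

BASE = "https://app.gecko.security/api/v1/repositories"

def build_url(repository, limit=100, offset=0, severity=None, type=None, cwe=None, days=None):
    """Build the request URL, enforcing the documented parameter ranges."""
    if not 1 <= limit <= 1000:
        raise ValueError("limit must be 1..1000")
    if offset < 0:
        raise ValueError("offset must be >= 0")
    if severity is not None and not 0 <= severity <= 10:
        raise ValueError("severity must be 0..10")
    if days is not None and days < 1:
        raise ValueError("days must be >= 1")
    # Keyword names mirror the API's query parameters; unset filters are omitted.
    params = {"limit": limit, "offset": offset, "severity": severity,
              "type": type, "cwe": cwe, "days": days}
    query = urllib.parse.urlencode({k: v for k, v in params.items() if v is not None})
    # Encode "/" as %2F but keep ":" so "gitlab:group/project" matches the documented form.
    repo_id = urllib.parse.quote(repository, safe=":")
    return f"{BASE}/{repo_id}/vulnerabilities?{query}"

def http_fetch(url, api_key):
    """Default transport: one authenticated GET, parsed as JSON."""
    req = urllib.request.Request(url, headers={"X-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_vulnerabilities(repository, api_key, fetch=http_fetch, limit=100, **filters):
    """Yield every finding, following pagination.hasMore across pages."""
    if not api_key.startswith("gk_"):
        raise ValueError("Gecko API keys start with gk_")
    offset = 0
    while True:
        page = fetch(build_url(repository, limit, offset, **filters), api_key)
        yield from page["data"]
        # Stop on the last page, or on an empty page so a bad response cannot loop forever.
        if not page["pagination"]["hasMore"] or not page["data"]:
            break
        offset += len(page["data"])

if __name__ == "__main__":
    key = os.environ["GECKO_API_KEY"]  # assumed variable name; keeps the key out of source
    for v in iter_vulnerabilities("gecko-security/Paperbaum", key, severity=7, days=7):
        print(v["severity"], v["cwe"], v["filePath"], v["title"])
```

Passing a stub as `fetch` lets the pagination logic be exercised in CI without a live key.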