GET /api/v1/scans/{scanId}/vulnerabilities
List vulnerabilities for a scan
curl --request GET \
  --url https://app.gecko.security/api/v1/scans/{scanId}/vulnerabilities \
  --header 'X-API-Key: <api-key>'
{
  "version": "v1",
  "data": [
    {
      "id": "2a7c9f10-3b1e-4f2d-9a33-1dcf8c7a1d01",
      "scanId": "00000000-0000-0000-0000-000000000001",
      "severity": 9.4,
      "confidenceScore": 8.5,
      "title": "Unbounded command template allows shell injection",
      "type": "Command Execution",
      "cwe": "CWE-78",
      "filePath": "services/reports/run_report.ts",
      "shortDescription": "User input is interpolated into a shell command without proper quoting.",
      "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    }
  ],
  "pagination": {
    "total": 1,
    "limit": 100,
    "offset": 0,
    "hasMore": false
  },
  "filters": {
    "severity": null,
    "type": null,
    "cwe": null
  }
}

Authorizations

X-API-Key
string
header
required

Team-scoped Gecko API key. Keys start with gk_.

Path Parameters

scanId
string<uuid>
required

Scan UUID.

Query Parameters

severity
number

Filter to vulnerabilities whose severity matches this value exactly.

Required range: 0 <= x <= 10

type
string

Filter vulnerabilities by type. Gecko performs a case-insensitive substring match.

cwe
string

Filter vulnerabilities by CWE. Gecko performs a case-insensitive substring match.

limit
integer
default:100

Maximum number of results to return. Gecko defaults to 100 and caps the value at 1000.

Required range: 1 <= x <= 1000

offset
integer
default:0

Number of results to skip before Gecko starts returning rows.

Required range: x >= 0

Response

A paginated list of vulnerabilities for the scan.

version
string
required
Allowed value: "v1"
data
object[]
required
pagination
object
required
filters
object
required
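
An added example, not Gecko's own client code: it walks the limit/offset pages until `hasMore` is false, then applies a severity threshold and an exact CWE match on the client, because the documented `severity` filter is exact-match and `cwe` is a substring match (so `cwe=CWE-78` also returns `CWE-787`). `triage`, `fake_fetch`, `SAMPLE` and the `gk_constructed` key are constructed for this example; only the URL, header, query parameters and response fields come from the reference above.

```python
import json
import urllib.parse
import urllib.request

BASE = "https://app.gecko.security/api/v1"  # base URL from the curl example

def http_get(url, api_key):
    """Default transport: one authenticated GET, JSON body decoded."""
    req = urllib.request.Request(url, headers={"X-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_vulnerabilities(scan_id, api_key, fetch=http_get, limit=100, **filters):
    """Yield every vulnerability of a scan by walking limit/offset pages."""
    if not api_key.startswith("gk_"):
        raise ValueError("Gecko API keys start with gk_")
    if not 1 <= limit <= 1000:
        raise ValueError("limit must be in 1..1000")
    path = f"{BASE}/scans/{urllib.parse.quote(scan_id, safe='')}/vulnerabilities"
    offset = 0
    while True:
        query = dict(filters, limit=limit, offset=offset)  # severity/type/cwe pass through
        page = fetch(f"{path}?{urllib.parse.urlencode(query)}", api_key)
        yield from page["data"]
        if not page["data"] or not page["pagination"]["hasMore"]:
            return
        offset += len(page["data"])  # skip exactly the rows already received

def triage(vulns, min_severity=7.0, cwe=None):
    """Client-side severity threshold and exact-CWE filter."""
    return [v for v in vulns
            if v["severity"] >= min_severity and (cwe is None or v["cwe"] == cwe)]

# Constructed sample rows and a stand-in transport so the example runs offline.
SAMPLE = [{"id": f"sample-{i}", "severity": s, "cwe": c} for i, (s, c) in
          enumerate([(9.4, "CWE-78"), (8.1, "CWE-787"), (5.0, "CWE-78"),
                     (7.0, "CWE-79"), (9.0, "CWE-78")])]

def fake_fetch(url, api_key):
    q = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    limit, offset = int(q["limit"][0]), int(q["offset"][0])
    rows = [r for r in SAMPLE if q.get("cwe", [""])[0].lower() in r["cwe"].lower()]
    more = offset + limit < len(rows)
    return {"data": rows[offset:offset + limit], "pagination": {"hasMore": more}}

def demo():
    scan = "00000000-0000-0000-0000-000000000001"  # scan UUID from the sample response
    found = list(iter_vulnerabilities(scan, "gk_constructed", fake_fetch, limit=2, cwe="cwe-78"))
    return found, triage(found, min_severity=9.0, cwe="CWE-78")
```

Against the live API, omit the `fetch` argument and read the key from an environment variable or secret store rather than hard-coding it.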