Skip to main content
GET
/
api
/
v1
/
scans
/
{scanId}
/
vulnerabilities
List vulnerabilities for a scan
curl --request GET \
  --url https://app.gecko.security/api/v1/scans/{scanId}/vulnerabilities \
  --header 'X-API-Key: <api-key>'
{
  "version": "v1",
  "data": [
    {
      "id": "2a7c9f10-3b1e-4f2d-9a33-1dcf8c7a1d01",
      "scanId": "00000000-0000-0000-0000-000000000001",
      "severity": 9.4,
      "confidenceScore": 8.5,
      "title": "Unbounded command template allows shell injection",
      "type": "Command Execution",
      "cwe": "CWE-78",
      "filePath": "services/reports/run_report.ts",
      "shortDescription": "User input is interpolated into a shell command without proper quoting.",
      "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    }
  ],
  "pagination": {
    "total": 1,
    "limit": 100,
    "offset": 0,
    "hasMore": false
  },
  "filters": {
    "severity": null,
    "type": null,
    "cwe": null
  }
}

Authorizations

X-API-Key
string
header
required

Team-scoped Gecko API key. Keys start with gk_.

Path Parameters

scanId
string<uuid>
required

Scan UUID.

Query Parameters

severity
number

Filter to vulnerabilities whose severity matches this value exactly.

Required range: 0 <= x <= 10
type
string

Filter vulnerabilities by type. Gecko performs a case-insensitive substring match.

cwe
string

Filter vulnerabilities by CWE. Gecko performs a case-insensitive substring match.

limit
integer
default:100

Maximum number of results to return. Gecko defaults to 100 and caps the value at 1000.

Required range: 1 <= x <= 1000
offset
integer
default:0

Number of results to skip before Gecko starts returning rows.

Required range: x >= 0

Response

A paginated list of vulnerabilities for the scan.

version
string
required
Allowed value: "v1"
data
object[]
required
pagination
object
required
filters
object
required