List vulnerabilities across the active team - Gecko Security

List vulnerabilities across the active team

curl --request GET \
  --url https://app.gecko.security/api/v1/vulnerabilities \
  --header 'X-API-Key: <api-key>'

{
  "version": "v1",
  "data": [
    {
      "id": "2a7c9f10-3b1e-4f2d-9a33-1dcf8c7a1d01",
      "scanId": "00000000-0000-0000-0000-000000000001",
      "scanName": "My Repository Scan",
      "scanCreatedAt": "2025-08-01T10:00:00.000Z",
      "severity": 9.4,
      "confidenceScore": 8.5,
      "title": "SQL Injection in User Search",
      "type": "SQLI",
      "cwe": "CWE-89",
      "filePath": "api/users/search.py",
      "shortDescription": "User input directly concatenated into SQL query.",
      "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    }
  ],
  "pagination": {
    "total": 42,
    "limit": 100,
    "offset": 0,
    "hasMore": false
  },
  "filters": {
    "severity": null,
    "type": null,
    "cwe": null,
    "scan_id": null,
    "days": 14
  }
}

GET

/

api

/

v1

/

vulnerabilities

List vulnerabilities across the active team

curl --request GET \
  --url https://app.gecko.security/api/v1/vulnerabilities \
  --header 'X-API-Key: <api-key>'

{
  "version": "v1",
  "data": [
    {
      "id": "2a7c9f10-3b1e-4f2d-9a33-1dcf8c7a1d01",
      "scanId": "00000000-0000-0000-0000-000000000001",
      "scanName": "My Repository Scan",
      "scanCreatedAt": "2025-08-01T10:00:00.000Z",
      "severity": 9.4,
      "confidenceScore": 8.5,
      "title": "SQL Injection in User Search",
      "type": "SQLI",
      "cwe": "CWE-89",
      "filePath": "api/users/search.py",
      "shortDescription": "User input directly concatenated into SQL query.",
      "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    }
  ],
  "pagination": {
    "total": 42,
    "limit": 100,
    "offset": 0,
    "hasMore": false
  },
  "filters": {
    "severity": null,
    "type": null,
    "cwe": null,
    "scan_id": null,
    "days": 14
  }
}

Authorizations

X-API-Key

string

header

required

Team-scoped Gecko API key. Keys start with gk_.

Query Parameters

severity

number

Filter to vulnerabilities with a severity greater than or equal to this value.

Required range: 0 <= x <= 10

type

string

Filter vulnerabilities by type. Gecko performs a case-insensitive substring match.

cwe

string

Filter vulnerabilities by CWE. Gecko performs a case-insensitive substring match.

scan_id

string<uuid>

Filter cross-scan vulnerability results to a single scan UUID.

days

integer

Filter results to scans created within the last N days.

Required range: x >= 1

limit

integer

default:100

Maximum number of results to return. Gecko defaults to 100 and caps the value at 1000.

Required range: 1 <= x <= 1000

offset

integer

default:0

Number of results to skip before Gecko starts returning rows.

Required range: x >= 0

Response

A paginated list of vulnerabilities across the active team.

version

string

required

Allowed value: "v1"

data

object[]

required

Show child attributes

pagination

object

required

Show child attributes

filters

object

required

Show child attributes

List vulnerabilities for a repository Check API health