GET /api/v1/vulnerabilities
List vulnerabilities across the active team
curl --request GET \
  --url https://app.gecko.security/api/v1/vulnerabilities \
  --header 'X-API-Key: <api-key>'
{
  "version": "v1",
  "data": [
    {
      "id": "2a7c9f10-3b1e-4f2d-9a33-1dcf8c7a1d01",
      "scanId": "00000000-0000-0000-0000-000000000001",
      "scanName": "My Repository Scan",
      "scanCreatedAt": "2025-08-01T10:00:00.000Z",
      "severity": 9.4,
      "confidenceScore": 8.5,
      "title": "SQL Injection in User Search",
      "type": "SQLI",
      "cwe": "CWE-89",
      "filePath": "api/users/search.py",
      "shortDescription": "User input directly concatenated into SQL query.",
      "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    }
  ],
  "pagination": {
    "total": 42,
    "limit": 100,
    "offset": 0,
    "hasMore": false
  },
  "filters": {
    "severity": null,
    "type": null,
    "cwe": null,
    "scan_id": null,
    "days": 14
  }
}

Authorizations

X-API-Key (string, header, required)

Team-scoped Gecko API key. Keys start with gk_.

Query Parameters

severity (number)

Filter to vulnerabilities with a severity greater than or equal to this value.

Required range: 0 <= x <= 10

type (string)

Filter vulnerabilities by type. Gecko performs a case-insensitive substring match.

cwe (string)

Filter vulnerabilities by CWE. Gecko performs a case-insensitive substring match.

scan_id (string<uuid>)

Filter cross-scan vulnerability results to a single scan UUID.

days (integer)

Filter results to scans created within the last N days.

Required range: x >= 1

limit (integer, default: 100)

Maximum number of results to return. Gecko defaults to 100 and caps the value at 1000.

Required range: 1 <= x <= 1000

offset (integer, default: 0)

Number of results to skip before Gecko starts returning rows.

Required range: x >= 0

Response

A paginated list of vulnerabilities across the active team.

version (string, required)
Allowed value: "v1"

data (object[], required)

pagination (object, required)

filters (object, required)
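
The following client is an added example, not code from Gecko or from this page: it walks the paginated list with limit and offset until pagination.hasMore is false, and checks filter values against the documented ranges before sending anything. The function names (build_params, http_get, iter_vulnerabilities), the vuln_type argument (sent as the type query parameter) and the injectable fetch argument are assumptions made for the example.

```python
import json
import urllib.parse
import urllib.request

API_URL = "https://app.gecko.security/api/v1/vulnerabilities"  # endpoint from this page


def build_params(severity=None, vuln_type=None, cwe=None, scan_id=None,
                 days=None, limit=100, offset=0):
    """Check values against the documented ranges and drop unset filters."""
    if severity is not None and not 0 <= severity <= 10:
        raise ValueError("severity must satisfy 0 <= x <= 10")
    if days is not None and days < 1:
        raise ValueError("days must be >= 1")
    if not 1 <= limit <= 1000:
        raise ValueError("limit must satisfy 1 <= x <= 1000")
    if offset < 0:
        raise ValueError("offset must be >= 0")
    params = {"severity": severity, "type": vuln_type, "cwe": cwe,
              "scan_id": scan_id, "days": days, "limit": limit, "offset": offset}
    return {k: v for k, v in params.items() if v is not None}


def http_get(params, api_key):
    """One authenticated GET; the key travels only in the X-API-Key header."""
    req = urllib.request.Request(API_URL + "?" + urllib.parse.urlencode(params),
                                 headers={"X-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_vulnerabilities(api_key, fetch=http_get, **filters):
    """Yield every vulnerability by advancing offset until hasMore is false."""
    if not api_key.startswith("gk_"):
        raise ValueError("Gecko API keys start with gk_")
    params = build_params(**filters)
    while True:
        body = fetch(params, api_key)
        if body.get("version") != "v1":
            raise RuntimeError("unexpected response version")
        rows = body["data"]
        yield from rows
        # Stop on the last page; an empty page also stops so the loop cannot spin.
        if not rows or not body["pagination"]["hasMore"]:
            return
        params = {**params, "offset": params["offset"] + len(rows)}
```

Call it as `iter_vulnerabilities(key, severity=7, days=14)`, loading the key from a secret store or environment variable rather than from source.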