> ## Documentation Index
> Fetch the complete documentation index at: https://docs.synack.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Retrieve a specific suspected vulnerability

> Fetches detailed information for a single suspected vulnerability by its unique identifier.
Returns comprehensive vulnerability data including metadata, triage information, and related assets.




## OpenAPI

````yaml /vulns-openapi.yaml get /v1/organizations/{organizationUid}/suspected-vulnerabilities/{id}
openapi: 3.1.0
info:
  title: Vulnerability Service API
  version: 1.0.0
  description: >
    Comprehensive API for managing suspected vulnerabilities within the Synack
    platform.

    This service provides endpoints for retrieving, filtering, and triaging
    security vulnerabilities

    discovered across client assets. It supports advanced filtering, pagination,
    export functionality,

    and automated triage workflows to streamline vulnerability management
    processes.
  contact:
    name: Synack Engineering
    email: engineering@synack.com
servers:
  - url: https://client.synack.com/api/vulnerability
    description: Commercial
  - url: https://client.synack.us/api/vulnerability
    description: FedRAMP (Medium)
security: []
paths:
  /v1/organizations/{organizationUid}/suspected-vulnerabilities/{id}:
    get:
      tags:
        - Suspected Vulnerabilities
      summary: Retrieve a specific suspected vulnerability
      description: >
        Fetches detailed information for a single suspected vulnerability by its
        unique identifier.

        Returns comprehensive vulnerability data including metadata, triage
        information, and related assets.
      operationId: getSuspectedVulnerability
      parameters:
        - name: organizationUid
          in: path
          required: true
          description: >
            Unique identifier for the organization that owns the vulnerability
            being retrieved
          schema:
            type: string
        - name: id
          in: path
          description: >
            Unique identifier for the specific suspected vulnerability to
            retrieve
          required: true
          schema:
            type: integer
            format: int32
      responses:
        '200':
          $ref: '#/components/responses/SuspectedVulnerabilityResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
        '500':
          $ref: '#/components/responses/InternalServerError'
        default:
          $ref: '#/components/responses/UnexpectedError'
      security:
        - OAuth2:
            - asset_gr
            - asset_or
            - asset_lr
components:
  responses:
    SuspectedVulnerabilityResponse:
      description: >
        Successfully retrieved detailed information for a single suspected
        vulnerability,

        including associated triage data and related metadata.
      content:
        application/json:
          schema:
            type: object
            properties:
              suspectedVulnerability:
                $ref: '#/components/schemas/SuspectedVulnerabilityWithTriages'
              metadata:
                $ref: '#/components/schemas/Metadata'
    BadRequest:
      description: >
        Bad Request - The request is malformed, contains invalid parameters, or
        missing

        required fields. Check request syntax and parameter values.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: >
        Unauthorized - Authentication failed. The bearer token is missing,
        expired,

        invalid, or lacks sufficient permissions to access this resource.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: >
        Forbidden - Access denied. The authenticated user lacks permission to
        access

        the requested resource or perform the specified operation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: |
        Not Found - The requested resource does not exist. This may occur when
        referencing invalid organization UIDs or non-existent vulnerability IDs.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    UnprocessableEntity:
      description: >
        Unprocessable Entity - The request is well-formed but contains semantic
        errors

        or business logic violations that prevent processing (e.g., invalid
        status transitions).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalServerError:
      description: >
        Internal Server Error - An unexpected server-side error occurred. This
        indicates

        a system issue that should be reported to the engineering team for
        investigation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    UnexpectedError:
      description: >
        Unexpected Error - An unhandled error condition occurred. This
        represents

        an edge case scenario that requires technical support intervention.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    SuspectedVulnerabilityWithTriages:
      description: >
        Extended suspected vulnerability schema that includes embedded triage
        assessments.

        Used specifically for single vulnerability responses where triage data
        is included.
      allOf:
        - $ref: '#/components/schemas/SuspectedVulnerability'
        - type: object
          properties:
            triages:
              type: array
              description: Associated triage assessments for this vulnerability
              items:
                $ref: '#/components/schemas/SuspectedVulnerabilityTriage'
    Metadata:
      type: object
      description: Additional metadata accompanying API responses
      properties:
        pagination:
          $ref: '#/components/schemas/Pagination'
        actions:
          type: object
          description: Available actions that can be performed on the returned data
    Error:
      type: object
      description: >-
        Standard error response format following RFC 7807 Problem Details
        specification
      required:
        - status
        - title
      properties:
        type:
          type: string
          description: URI reference that identifies the problem type
        status:
          type: integer
          description: HTTP status code for this occurrence of the problem
        title:
          type: string
          description: Human-readable summary of the problem type
        detail:
          type: string
          description: Human-readable explanation specific to this occurrence
        instance:
          type: string
          description: URI reference identifying the specific occurrence of the problem
    SuspectedVulnerability:
      type: object
      properties:
        id:
          type: integer
          format: int64
          description: Unique numeric identifier for the suspected vulnerability
          example: 2000
        assetUid:
          type: string
          description: >-
            Unique identifier for the asset where the vulnerability was
            discovered
          example: ah28034gsjdf98eqwgbjufj
        listingUid:
          type: string
          description: >-
            Unique identifier for the penetration testing listing/engagement
            scope
          example: ah28034gsjdf
        listingCodename:
          type: string
          description: Human-readable codename for the penetration testing engagement
          example: ACME-H001
        organizationUid:
          type: string
          description: Unique identifier for the organization that owns this vulnerability
          example: ah28034gsjdf
        categoryInScope:
          type: boolean
          description: >-
            Indicates whether this vulnerability category is within the current
            testing scope
        confidence:
          type: string
          description: >-
            Confidence level of the vulnerability assessment (e.g., 'firm',
            'tentative', 'certain')
          example: firm
        cvssBase:
          type: number
          format: double
          description: >-
            CVSS (Common Vulnerability Scoring System) base score indicating
            severity (0-10 scale)
          example: 5.4
        exploitableLocations:
          type: array
          description: List of key-value maps describing exploitable locations
          items:
            $ref: '#/components/schemas/StringMap'
        falsePositive:
          type: boolean
          description: >-
            Flag indicating whether this vulnerability has been determined to be
            a false positive
        payload:
          $ref: '#/components/schemas/StringMap'
          type: object
          description: Additional vulnerability data and metadata from the detection source
        referenceUrls:
          type: array
          items:
            type: string
          description: >-
            External reference URLs providing additional context about the
            vulnerability
          example:
            - >-
              https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring_ec2.html
            - >-
              https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
        severity:
          type: string
          description: >-
            Normalized severity classification (e.g., 'low', 'medium', 'high',
            'critical')
          example: low
        source:
          type: string
          description: Tool or system that originally detected this vulnerability
          example: synack
        sourceId:
          type: string
          description: >-
            Unique identifier for the source job or detection run that created
            this vulnerability
          example: job-abc-123
        vulnerabilityStatusId:
          type: integer
          format: int64
          description: >-
            Numeric identifier for the vulnerability's current status in the
            workflow
        reasonTitle:
          type: string
          description: >-
            Brief title explaining the reason for the current status or
            assessment
        reasonDescription:
          type: string
          description: >-
            Detailed explanation of the reasoning behind the current status or
            triage decision
        automatedTriageStatus:
          type: string
          description: Current status of the vulnerability in the automated triage workflow
        automatedTriageStatusUpdatedAt:
          type: string
          format: date-time
          description: ISO 8601 timestamp when the automated triage status was last updated
          example: '2023-12-25T15:45:30.123Z'
        cves:
          type: array
          description: >-
            List of Common Vulnerabilities and Exposures (CVE) identifiers
            associated with this vulnerability
          items:
            type: string
            example: CVE-2025-1238923
        cwes:
          type: array
          description: >-
            List of Common Weakness Enumeration (CWE) identifiers classifying
            this vulnerability type
          items:
            type: string
            example: CWE-1238923
        status:
          type: string
          description: >-
            Current workflow status of the vulnerability (e.g., 'eligible',
            'vulnerable', 'not_vulnerable')
        typeId:
          type: string
          description: String identifier for the vulnerability type classification
          example: Type-69d55e
        typeTitle:
          type: string
          description: Title of the vulnerability type
          example: SQL Injection
        typeCategoryId:
          type: string
          description: Identifier for the category that this vulnerability type belongs to
        typeCategoryParentName:
          type: string
          description: >-
            Name of the parent category for hierarchical vulnerability
            classification
        typeCategoryChildName:
          type: string
          description: >-
            Name of the child category for hierarchical vulnerability
            classification
        typeDescription:
          type: string
          description: Description of the vulnerability type
        exploitableVulnerabilityId:
          type: string
          description: >-
            Unique identifier linking this vulnerability to exploitable
            vulnerability records
          example: test_e859b6a8371c-m001-4
        createdAt:
          type: string
          format: date-time
          description: >-
            ISO 8601 timestamp when the vulnerability was first created in the
            system
          example: '2023-12-25T15:45:30.123Z'
        lastDetectedAt:
          type: string
          format: date-time
          description: >-
            ISO 8601 timestamp when the vulnerability was most recently detected
            or confirmed
          example: '2023-12-25T15:45:30.123Z'
        triageIneligibleReason:
          type: string
          description: Reason why the vulnerability is not eligible for automated triage
          example: Triage already started or performed.
        solution:
          type: string
          description: Solution to the vulnerability
          example: >-
            Microsoft has released security update KB5002113 to address this
            issue.
        vendorRiskScore:
          type: number
          description: >-
            A risk score value provided by the vendor of the imported
            vulnerability.
          example: 1.3
    SuspectedVulnerabilityTriage:
      type: object
      description: >-
        Triage assessment data for a vulnerability, including analysis and
        reporting
      properties:
        id:
          type: string
          description: Unique identifier for this triage assessment
        content:
          type: object
          description: Detailed content of the triage analysis
          properties:
            thoughts:
              type: array
              description: >-
                List of analytical thoughts or observations from the triage
                process
              items:
                $ref: '#/components/schemas/ExternalJobTriageAgentThought'
            report:
              type: string
              description: Comprehensive triage report with findings and recommendations
    Pagination:
      type: object
      description: Pagination metadata for navigating through large result sets
      required:
        - total
        - page
        - perPage
        - totalPages
      properties:
        total:
          type: integer
          description: Total number of items across all pages
        page:
          type: integer
          description: Current page number (1-based)
        perPage:
          type: integer
          description: Number of items per page
        totalPages:
          type: integer
          description: Total number of pages available
        prev:
          type: string
          description: URL for the previous page (null if on first page)
        next:
          type: string
          description: URL for the next page (null if on last page)
        first:
          type: string
          description: URL for the first page
        last:
          type: string
          description: URL for the last page
        self:
          type: string
          description: URL for the current page
    StringMap:
      type: object
      additionalProperties:
        type: string
    ExternalJobTriageAgentThought:
      type: object
      description: >-
        Thought data for a vulnerability triage, including analysis and
        reporting
      properties:
        triageId:
          type: string
          description: Unique identifier for this triage assessment
        targetId:
          type: string
          description: Unique identifier for the target of this triage assessment
        thoughtId:
          type: string
          description: Unique identifier for this thought
        thoughtType:
          type: string
          description: Type of thought
        thoughtContent:
          type: string
          description: Content of the thought
        toolExecution:
          $ref: '#/components/schemas/ExternalJobTriageAgentToolExecution'
        block:
          $ref: '#/components/schemas/ExternalJobTriageAgentBlock'
        addedAt:
          type: string
          format: date-time
          description: ISO 8601 timestamp when the thought was added
    ExternalJobTriageAgentToolExecution:
      type: object
      description: >-
        Tool execution data for a vulnerability triage, including analysis and
        reporting
      properties:
        name:
          type: string
          description: Name of the tool
        input:
          type: string
          description: Input to the tool
        output:
          type: string
          description: Output of the tool
        error:
          type: string
          description: Error of the tool
    ExternalJobTriageAgentBlock:
      type: object
      description: Block data for a vulnerability triage, including analysis and reporting
      properties:
        parentThoughtId:
          type: string
          description: Unique identifier for the parent thought
        predecessorThoughtId:
          type: string
          description: Unique identifier for the predecessor thought
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: login.synack.com
          scopes:
            asset_lr: Grants per-listing read access for all types of assets.
            asset_srt_lr: Grants per-listing read access to assets that may be read by SRTs.
            asset_or: >-
              Grants organization-level read access for all types of assets
              owned by a particular organization.
            asset_boss_ow: >-
              Grants organization-level access to assets owned by a particular
              organization that may be modified by BOSS users.
            asset_boss_lw: >-
              Grants per-listing write access to assets that may be modified by
              BOSS users.
            asset_client_ow: >-
              Grants organization-level access to assets owned by a particular
              organization that may be modified by Client users.
            asset_client_lw: >-
              Grants per-listing write access to assets that may be modified by
              Client users.
            asset_user_or: >-
              Grants user-level read access to asset stats that owned by a
              particular organization.
            asset_gr: >-
              Grants unrestricted read access to all assets. Except for
              credential data of cloud accout assets.
            asset_gw: Grants unrestricted write access to all assets.
            asset_scan_gr: >-
              Grants unrestricted read access to all assets. Including
              credential data of cloud account assets.

````