GET /v1/organizations/{organizationUid}/suspected-vulnerabilities
Retrieve suspected vulnerabilities for an organization
curl --request GET \
  --url https://{environment}.synack.com/api/vulnerability/v1/organizations/{organizationUid}/suspected-vulnerabilities
{
  "suspectedVulnerabilities": [
    {
      "id": 2000,
      "assetUid": "ah28034gsjdf98eqwgbjufj",
      "listingUid": "ah28034gsjdf",
      "listingCodename": "ACME-H001",
      "organizationUid": "ah28034gsjdf",
      "categoryInScope": true,
      "confidence": "firm",
      "cvssBase": 5.4,
      "exploitableLocations": [
        {}
      ],
      "falsePositive": true,
      "payload": {},
      "referenceUrls": [
        "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring_ec2.html",
        "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html"
      ],
      "severity": "low",
      "source": "synack",
      "sourceId": "job-abc-123",
      "vulnerabilityStatusId": 123,
      "reasonTitle": "<string>",
      "reasonDescription": "<string>",
      "automatedTriageStatus": "<string>",
      "automatedTriageStatusUpdatedAt": "2023-12-25T15:45:30.123Z",
      "cves": [
        "CVE-2025-1238923"
      ],
      "cwes": [
        "CWE-1238923"
      ],
      "status": "<string>",
      "typeId": "Type-69d55e",
      "typeTitle": "SQL Injection",
      "typeCategoryId": "<string>",
      "typeCategoryParentName": "<string>",
      "typeCategoryChildName": "<string>",
      "typeDescription": "<string>",
      "exploitableVulnerabilityId": "test_e859b6a8371c-m001-4",
      "createdAt": "2023-12-25T15:45:30.123Z",
      "lastDetectedAt": "2023-12-25T15:45:30.123Z",
      "triageIneligibleReason": "Triage already started or performed.",
      "solution": "Microsoft has released security update KB5002113 to address this issue.",
      "vendorRiskScore": 1.3
    }
  ],
  "metadata": {
    "pagination": {
      "total": 123,
      "page": 123,
      "perPage": 123,
      "totalPages": 123,
      "prev": "<string>",
      "next": "<string>",
      "first": "<string>",
      "last": "<string>",
      "self": "<string>"
    },
    "summaries": {
      "counts": {
        "severity": {
          "critical": 123,
          "high": 123,
          "medium": 123,
          "low": 123,
          "none": 0,
          "total": 100
        },
        "status": {
          "eligible": 10,
          "ineligible": 10,
          "agent_review": 10,
          "ops_review": 10,
          "srt_review": 10,
          "vulnerable": 10,
          "not_vulnerable": 10,
          "out_of_scope": 10,
          "target_unreachable": 10,
          "not_applicable": 10,
          "total": 100
        }
      }
    },
    "actions": {}
  }
}

Path Parameters

organizationUid
string
required

Unique identifier for the organization whose vulnerabilities are being retrieved

Query Parameters

status[]
string[]

Filter vulnerabilities by their current status (e.g., qualified, in_triage, vulnerable, not_vulnerable)

automatedTriageStatus[]
string[]

Filter by automated triage status. Indicates whether the vulnerability has been processed through automated triage workflows and its current automated assessment state. (e.g., eligible, ineligible, agent_review, ops_review, vulnerable, not_vulnerable, target_unreachable, out_of_scope, not_applicable)

source[]
string[]

Filter by vulnerability detection source (e.g., 'synack', 'tenable', 'qualys', 'tenablewas'). Identifies the tool or method that originally discovered the vulnerability.

sourceId[]
string[]

Filter by vulnerability detection source ID/job ID. This represents the specific batch or job identifier from external scanning tools that discovered the vulnerability.

listingUid[]
string[]

Filter vulnerabilities by specific listing UIDs. Listings represent individual penetration testing engagements.

categoryId[]
string[]

Filter by vulnerability category ID. Categories classify vulnerabilities by type (e.g., authorization_permissions/cross_origin_resource_sharing_cors, cross_site_scripting_xss/) to organize findings.

listingCategoryId[]
integer<int32>[]

Filter by the specific category of listings (penetration testing scopes). Helps narrow results to particular types of security assessments. (e.g., web application, mobile)

severity[]
string[]

Filter vulnerabilities by severity. Helps narrow results to particular severity levels (e.g., low, medium, high, critical, none).

exportFormat
string

Specify the format for data export: 'csv' for spreadsheet analysis. When provided, the endpoint returns a downloadable file instead of JSON.

exportData[]
string[]

Specify which fields to include in exported files. Allows customization of export content to include only relevant fields for specific reporting or analysis needs. All fields are returned by default.

exportColumnNames[]
string[]

Specify custom column headers for the exported file. By default, the headers are the same as in SuspectedVulnerabilityResponse.

query
string

Free-text search query to filter vulnerabilities. Searches across vulnerability titles, descriptions, asset information, and other relevant text fields for matching content.

perPage
integer

Maximum number of vulnerability records to return per page. Controls pagination size for better performance and manageable result sets. Typical values range from 10 to 100.

page
integer

Page number for paginated results. Used in conjunction with perPage to navigate through large result sets. Page numbering starts from 1.

sort
string
default:lastDetectedAt

Field to sort results by: 'createdAt' for chronological discovery, 'lastDetectedAt' for most recent activity, or 'cvssBase' for severity-based ordering.

sortDir
enum<string>
default:asc

Sort direction: 'asc' for ascending or 'desc' for descending order.

Available options: asc, desc

Response

Successfully retrieved a paginated list of suspected vulnerabilities matching the specified filter criteria, including metadata for pagination and summary statistics.

suspectedVulnerabilities
object[]

List of suspected vulnerabilities matching the filter criteria

metadata
object

Response metadata including pagination and summary information
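
An added example (not Synack's own code) that builds the filtered request, walks every page using metadata.pagination.totalPages, and keeps in-scope findings not marked falsePositive, ordered by cvssBase. The function names, the repeated name[]=value encoding of array parameters, and the min_cvss threshold are assumptions; authentication is not shown on this page, so pass any required headers through a custom fetch callable.

```python
import json
import urllib.parse
import urllib.request

# URL template as shown in the page's curl example.
BASE = "https://{environment}.synack.com/api/vulnerability/v1"


def build_url(environment, organization_uid, page=1, per_page=100, **filters):
    """List-valued filters become repeated name[]=value pairs (assumed encoding)."""
    params = [("page", page), ("perPage", per_page)]
    for name, value in filters.items():
        if isinstance(value, (list, tuple)):
            params += [(name + "[]", v) for v in value]
        else:
            params.append((name, value))
    org = urllib.parse.quote(organization_uid, safe="")
    return (BASE.format(environment=environment)
            + "/organizations/" + org + "/suspected-vulnerabilities?"
            + urllib.parse.urlencode(params))


def http_get_json(url, headers=None):
    """Plain GET; the page shows no auth header, so the caller supplies any needed."""
    request = urllib.request.Request(url, headers=headers or {})
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def iter_suspected(environment, organization_uid, fetch=http_get_json,
                   max_pages=1000, **filters):
    """Yield every finding, following metadata.pagination.totalPages."""
    for page in range(1, max_pages + 1):
        body = fetch(build_url(environment, organization_uid, page=page, **filters))
        yield from body.get("suspectedVulnerabilities", [])
        pagination = body.get("metadata", {}).get("pagination", {})
        if page >= pagination.get("totalPages", page):
            return


def actionable(findings, min_cvss=7.0):
    """In-scope findings not flagged falsePositive, highest cvssBase first."""
    keep = [f for f in findings
            if f.get("categoryInScope") and not f.get("falsePositive")
            and (f.get("cvssBase") or 0) >= min_cvss]
    return sorted(keep, key=lambda f: f["cvssBase"], reverse=True)
```

The max_pages bound stops the loop if a response reports an inconsistent totalPages.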