> ## Documentation Index
> Fetch the complete documentation index at: https://docs.synack.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Retrieve suspected vulnerabilities for an organization

> Fetches a paginated list of suspected vulnerabilities associated with a specific organization.
Supports comprehensive filtering by status, source, listings, categories, and search queries.




## OpenAPI

````yaml /vulns-openapi.yaml get /v1/organizations/{organizationUid}/suspected-vulnerabilities
openapi: 3.1.0
info:
  title: Vulnerability Service API
  version: 1.0.0
  description: >
    Comprehensive API for managing suspected vulnerabilities within the Synack
    platform.

    This service provides endpoints for retrieving, filtering, and triaging
    security vulnerabilities

    discovered across client assets. It supports advanced filtering, pagination,
    export functionality,

    and automated triage workflows to streamline vulnerability management
    processes.
  contact:
    name: Synack Engineering
    email: engineering@synack.com
servers:
  - url: https://client.synack.com/api/vulnerability
    description: Commercial
  - url: https://client.synack.us/api/vulnerability
    description: FedRAMP (Medium)
security: []
paths:
  /v1/organizations/{organizationUid}/suspected-vulnerabilities:
    get:
      tags:
        - Suspected Vulnerabilities
      summary: Retrieve suspected vulnerabilities for an organization
      description: >
        Fetches a paginated list of suspected vulnerabilities associated with a
        specific organization.

        Supports comprehensive filtering by status, source, listings,
        categories, and search queries.
      operationId: getSuspectedVulnerabilities
      parameters:
        - name: organizationUid
          in: path
          description: >-
            Unique identifier for the organization whose vulnerabilities are
            being retrieved
          required: true
          schema:
            type: string
        - name: status[]
          in: query
          description: >
            Filter vulnerabilities by their current status (e.g, qualified,
            in_triage, vulnerable, not_vulnerable, qualified)
          explode: true
          schema:
            type: array
            items:
              type: string
        - name: automatedTriageStatus[]
          in: query
          description: >
            Filter by automated triage status. Indicates whether the
            vulnerability has been processed

            through automated triage workflows and its current automated
            assessment state. (e.g., eligible, ineligible, agent_review,
            ops_review, vulnerable, not_vulnerable, target_unreachable,
            out_of_scope, not_applicable)
          style: form
          explode: true
          schema:
            type: array
            items:
              type: string
        - name: source[]
          in: query
          description: >
            Filter by vulnerability detection source (e.g., 'synack', 'tenable',
            'qualys', 'tenablewas').

            Identifies the tool or method that originally discovered the
            vulnerability.
          style: form
          explode: true
          schema:
            type: array
            items:
              type: string
        - name: sourceId[]
          in: query
          description: >
            Filter by vulnerability detection source ID/job ID. This represents
            the specific

            batch or job identifier from external scanning tools that discovered
            the vulnerability.
          style: form
          explode: true
          schema:
            type: array
            items:
              type: string
        - name: listingUid[]
          in: query
          description: >
            Filter vulnerabilities by specific listing UIDs. Listings represent
            individual penetration

            testing engagements.
          style: form
          explode: true
          schema:
            type: array
            items:
              type: string
        - name: categoryId[]
          in: query
          description: >
            Filter by vulnerability category ID. Categories classify
            vulnerabilities by type

            (e.g., authorization_permissions/cross_origin_resource_sharing_cors,
            cross_site_scripting_xss/) to organize findings.
          style: form
          explode: true
          schema:
            type: array
            items:
              type: string
        - name: listingCategoryId[]
          in: query
          description: >
            Filter by the specific category of listings (penetration testing
            scopes).

            Helps narrow results to particular types of security assessments.
            (e.g., web application, mobile)
          style: form
          explode: true
          schema:
            type: array
            items:
              type: integer
              format: int32
        - name: severity[]
          in: query
          description: >
            Filter by the specific severity of vulnerabilities.

            Helps narrow results to particular types of security. (e.g., low,
            medium, high, critical, none)
          style: form
          explode: true
          schema:
            type: array
            items:
              type: string
        - name: exportFormat
          in: query
          description: >
            Specify the format for data export: 'csv' for spreadsheet analysis.
            When provided, returns downloadable file instead of JSON.
          schema:
            type: string
        - name: exportData[]
          in: query
          description: >
            Specify which fields to include in exported files. Allows
            customization of export

            content to include only relevant fields for specific reporting or
            analysis needs.

            Will return all fields by default.
          style: form
          explode: true
          schema:
            type: array
            items:
              type: string
        - name: exportColumnNames[]
          in: query
          description: >
            Specify the column headers for the exported file. Returns all custom
            names for headers in the file, it will be the same as
            SuspectedVulnerabilityResponse by default.
          style: form
          explode: true
          schema:
            type: array
            items:
              type: string
        - name: query
          in: query
          description: >
            Free-text search query to filter vulnerabilities. Searches across
            vulnerability titles,

            descriptions, asset information, and other relevant text fields for
            matching content.
          style: form
          schema:
            type: string
        - name: perPage
          in: query
          description: >
            Maximum number of vulnerability records to return per page. Controls
            pagination size

            for better performance and manageable result sets. Typical values
            range from 10-100.
          schema:
            type: integer
        - name: page
          in: query
          description: >
            Page number for paginated results. Used in conjunction with perPage
            to navigate

            through large result sets. Page numbering starts from 1.
          schema:
            type: integer
        - name: sort
          in: query
          schema:
            type: string
            default: lastDetectedAt
          description: >
            Field to sort results by: 'createdAt' for chronological discovery,
            'lastDetectedAt'

            for most recent activity, or 'cvssBase' for severity-based ordering.
        - name: sortDir
          in: query
          schema:
            type: string
            enum:
              - asc
              - desc
            default: asc
          description: |
            Sort direction: 'asc' for ascending or 'desc' for descending order.
      responses:
        '200':
          $ref: '#/components/responses/SuspectedVulnerabilitiesResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
        '500':
          $ref: '#/components/responses/InternalServerError'
      security:
        - OAuth2:
            - asset_gr
            - asset_or
            - asset_lr
components:
  responses:
    SuspectedVulnerabilitiesResponse:
      description: >
        Successfully retrieved a paginated list of suspected vulnerabilities
        matching the

        specified filter criteria, including metadata for pagination and summary
        statistics.
      content:
        application/json:
          schema:
            type: object
            properties:
              suspectedVulnerabilities:
                type: array
                description: List of suspected vulnerabilities matching the filter criteria
                items:
                  $ref: '#/components/schemas/SuspectedVulnerability'
              metadata:
                type: object
                description: Response metadata including pagination and summary information
                properties:
                  pagination:
                    $ref: '#/components/schemas/Pagination'
                  summaries:
                    $ref: '#/components/schemas/SuspectedVulnerabilitiesSummaries'
                  actions:
                    type: object
                    description: >-
                      Available actions for the suspected vulnerabilities
                      collection
        text/csv:
          schema:
            type: string
            description: CSV data of the suspected vulnerabilities
            example: >
              Asset UID,Reason Title,Reason Description,Severity,CVSS
              Base,Automated Triage Status,Confidence,False Positive,Source

              ah28034gsjdf98eqwgbjufj,Test Reason Title,Test Reason
              Description,Low,5.4,srt_review,firm,true,synack

              ah28034gsjdf98eqwgbjufj,Test Reason Title,Test Reason
              Description,Medium,6.4,srt_review,tentative,false,synack
    BadRequest:
      description: >
        Bad Request - The request is malformed, contains invalid parameters, or
        missing

        required fields. Check request syntax and parameter values.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: >
        Unauthorized - Authentication failed. The bearer token is missing,
        expired,

        invalid, or lacks sufficient permissions to access this resource.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: >
        Forbidden - Access denied. The authenticated user lacks permission to
        access

        the requested resource or perform the specified operation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    UnprocessableEntity:
      description: >
        Unprocessable Entity - The request is well-formed but contains semantic
        errors

        or business logic violations that prevent processing (e.g., invalid
        status transitions).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalServerError:
      description: >
        Internal Server Error - An unexpected server-side error occurred. This
        indicates

        a system issue that should be reported to the engineering team for
        investigation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    SuspectedVulnerability:
      type: object
      properties:
        id:
          type: integer
          format: int64
          description: Unique numeric identifier for the suspected vulnerability
          example: 2000
        assetUid:
          type: string
          description: >-
            Unique identifier for the asset where the vulnerability was
            discovered
          example: ah28034gsjdf98eqwgbjufj
        listingUid:
          type: string
          description: >-
            Unique identifier for the penetration testing listing/engagement
            scope
          example: ah28034gsjdf
        listingCodename:
          type: string
          description: Human-readable codename for the penetration testing engagement
          example: ACME-H001
        organizationUid:
          type: string
          description: Unique identifier for the organization that owns this vulnerability
          example: ah28034gsjdf
        categoryInScope:
          type: boolean
          description: >-
            Indicates whether this vulnerability category is within the current
            testing scope
        confidence:
          type: string
          description: >-
            Confidence level of the vulnerability assessment (e.g., 'firm',
            'tentative', 'certain')
          example: firm
        cvssBase:
          type: number
          format: double
          description: >-
            CVSS (Common Vulnerability Scoring System) base score indicating
            severity (0-10 scale)
          example: 5.4
        exploitableLocations:
          type: array
          description: List of key-value maps describing exploitable locations
          items:
            $ref: '#/components/schemas/StringMap'
        falsePositive:
          type: boolean
          description: >-
            Flag indicating whether this vulnerability has been determined to be
            a false positive
        payload:
          $ref: '#/components/schemas/StringMap'
          type: object
          description: Additional vulnerability data and metadata from the detection source
        referenceUrls:
          type: array
          items:
            type: string
          description: >-
            External reference URLs providing additional context about the
            vulnerability
          example:
            - >-
              https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring_ec2.html
            - >-
              https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
        severity:
          type: string
          description: >-
            Normalized severity classification (e.g., 'low', 'medium', 'high',
            'critical')
          example: low
        source:
          type: string
          description: Tool or system that originally detected this vulnerability
          example: synack
        sourceId:
          type: string
          description: >-
            Unique identifier for the source job or detection run that created
            this vulnerability
          example: job-abc-123
        vulnerabilityStatusId:
          type: integer
          format: int64
          description: >-
            Numeric identifier for the vulnerability's current status in the
            workflow
        reasonTitle:
          type: string
          description: >-
            Brief title explaining the reason for the current status or
            assessment
        reasonDescription:
          type: string
          description: >-
            Detailed explanation of the reasoning behind the current status or
            triage decision
        automatedTriageStatus:
          type: string
          description: Current status of the vulnerability in the automated triage workflow
        automatedTriageStatusUpdatedAt:
          type: string
          format: date-time
          description: ISO 8601 timestamp when the automated triage status was last updated
          example: '2023-12-25T15:45:30.123Z'
        cves:
          type: array
          description: >-
            List of Common Vulnerabilities and Exposures (CVE) identifiers
            associated with this vulnerability
          items:
            type: string
            example: CVE-2025-1238923
        cwes:
          type: array
          description: >-
            List of Common Weakness Enumeration (CWE) identifiers classifying
            this vulnerability type
          items:
            type: string
            example: CWE-1238923
        status:
          type: string
          description: >-
            Current workflow status of the vulnerability (e.g., 'eligible',
            'vulnerable', 'not_vulnerable')
        typeId:
          type: string
          description: String identifier for the vulnerability type classification
          example: Type-69d55e
        typeTitle:
          type: string
          description: Title of the vulnerability type
          example: SQL Injection
        typeCategoryId:
          type: string
          description: Identifier for the category that this vulnerability type belongs to
        typeCategoryParentName:
          type: string
          description: >-
            Name of the parent category for hierarchical vulnerability
            classification
        typeCategoryChildName:
          type: string
          description: >-
            Name of the child category for hierarchical vulnerability
            classification
        typeDescription:
          type: string
          description: Description of the vulnerability type
        exploitableVulnerabilityId:
          type: string
          description: >-
            Unique identifier linking this vulnerability to exploitable
            vulnerability records
          example: test_e859b6a8371c-m001-4
        createdAt:
          type: string
          format: date-time
          description: >-
            ISO 8601 timestamp when the vulnerability was first created in the
            system
          example: '2023-12-25T15:45:30.123Z'
        lastDetectedAt:
          type: string
          format: date-time
          description: >-
            ISO 8601 timestamp when the vulnerability was most recently detected
            or confirmed
          example: '2023-12-25T15:45:30.123Z'
        triageIneligibleReason:
          type: string
          description: Reason why the vulnerability is not eligible for automated triage
          example: Triage already started or performed.
        solution:
          type: string
          description: Solution to the vulnerability
          example: >-
            Microsoft has released security update KB5002113 to address this
            issue.
        vendorRiskScore:
          type: number
          description: >-
            A risk score value provided by the vendor of the imported
            vulnerability.
          example: 1.3
    Pagination:
      type: object
      description: Pagination metadata for navigating through large result sets
      required:
        - total
        - page
        - perPage
        - totalPages
      properties:
        total:
          type: integer
          description: Total number of items across all pages
        page:
          type: integer
          description: Current page number (1-based)
        perPage:
          type: integer
          description: Number of items per page
        totalPages:
          type: integer
          description: Total number of pages available
        prev:
          type: string
          description: URL for the previous page (null if on first page)
        next:
          type: string
          description: URL for the next page (null if on last page)
        first:
          type: string
          description: URL for the first page
        last:
          type: string
          description: URL for the last page
        self:
          type: string
          description: URL for the current page
    SuspectedVulnerabilitiesSummaries:
      type: object
      description: >-
        Statistical summary information about the vulnerabilities in the result
        set
      properties:
        counts:
          $ref: '#/components/schemas/SuspectedVulnerabilitiesSummaries_Counts'
    Error:
      type: object
      description: >-
        Standard error response format following RFC 7807 Problem Details
        specification
      required:
        - status
        - title
      properties:
        type:
          type: string
          description: URI reference that identifies the problem type
        status:
          type: integer
          description: HTTP status code for this occurrence of the problem
        title:
          type: string
          description: Human-readable summary of the problem type
        detail:
          type: string
          description: Human-readable explanation specific to this occurrence
        instance:
          type: string
          description: URI reference identifying the specific occurrence of the problem
    StringMap:
      type: object
      additionalProperties:
        type: string
    SuspectedVulnerabilitiesSummaries_Counts:
      type: object
      description: Numerical counts of vulnerabilities grouped by various attributes
      properties:
        severity:
          $ref: >-
            #/components/schemas/SuspectedVulnerabilitiesSummaries_SummarySeverity
        status:
          $ref: '#/components/schemas/SuspectedVulnerabilitiesSummaries_SummaryStatus'
    SuspectedVulnerabilitiesSummaries_SummarySeverity:
      type: object
      description: Summary severity of the vulnerabilities
      properties:
        critical:
          type: integer
          description: Number of critical severity vulnerabilities
        high:
          type: integer
          description: Number of high severity vulnerabilities
        medium:
          type: integer
          description: Number of medium severity vulnerabilities
        low:
          type: integer
          description: Number of low severity vulnerabilities
        none:
          type: integer
          description: Number of vulnerabilities with no assigned severity
          example: 0
        total:
          type: integer
          description: Total number of vulnerabilities across all severity levels
          example: 100
    SuspectedVulnerabilitiesSummaries_SummaryStatus:
      type: object
      description: Summary status of the vulnerabilities
      properties:
        eligible:
          type: integer
          description: Number of eligible vulnerabilities
          example: 10
        ineligible:
          type: integer
          description: Number of ineligible vulnerabilities
          example: 10
        agent_review:
          type: integer
          description: Number of vulnerabilities awaiting agent review
          example: 10
        ops_review:
          type: integer
          description: Number of vulnerabilities awaiting operations team review
          example: 10
        srt_review:
          type: integer
          description: Number of vulnerabilities awaiting security research team review
          example: 10
        vulnerable:
          type: integer
          description: Number of confirmed vulnerable findings
          example: 10
        not_vulnerable:
          type: integer
          description: Number of findings determined to be not vulnerable
          example: 10
        out_of_scope:
          type: integer
          description: Number of findings determined to be out of scope
          example: 10
        target_unreachable:
          type: integer
          description: Number of findings determined to be target unreachable
          example: 10
        not_applicable:
          type: integer
          description: Number of findings determined to be not applicable
          example: 10
        total:
          type: integer
          description: Total number of vulnerabilities across all status categories
          example: 100
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: login.synack.com
          scopes:
            asset_lr: Grants per-listing read access for all types of assets.
            asset_srt_lr: Grants per-listing read access to assets that may be read by SRTs.
            asset_or: >-
              Grants organization-level read access for all types of assets
              owned by a particular organization.
            asset_boss_ow: >-
              Grants organization-level access to assets owned by a particular
              organization that may be modified by BOSS users.
            asset_boss_lw: >-
              Grants per-listing write access to assets that may be modified by
              BOSS users.
            asset_client_ow: >-
              Grants organization-level access to assets owned by a particular
              organization that may be modified by Client users.
            asset_client_lw: >-
              Grants per-listing write access to assets that may be modified by
              Client users.
            asset_user_or: >-
              Grants user-level read access to asset stats that owned by a
              particular organization.
            asset_gr: >-
              Grants unrestricted read access to all assets. Except for
              credential data of cloud accout assets.
            asset_gw: Grants unrestricted write access to all assets.
            asset_scan_gr: >-
              Grants unrestricted read access to all assets. Including
              credential data of cloud account assets.

````