Skip to content
Furl Docs

List vulnerability findings

GET
/v1/vulnerability-findings

Returns a paginated list of vulnerability findings in the organization.

Authorizations

Section titled “Authorizations ”

Parameters

Section titled “ Parameters ”

Query Parameters

Section titled “Query Parameters ”
limit
integer
default: 50 >= 1 <= 100

Maximum number of findings to return.

offset
integer
0

Number of findings to skip for pagination.

endpointId
string format: uuid

Filter by endpoint ID.

targetId
string format: uuid

Filter by remediation target ID.

severity
string
Allowed values: critical high medium low info

Filter by severity level.

status
string
Allowed values: open remediated

Filter by finding status.

isKev
boolean

Filter by whether the finding is in the CISA Known Exploited Vulnerabilities catalog.

cve
string

Filter by CVE identifier (e.g., CVE-2024-1234).

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Paginated list of vulnerability findings.

object
data
required
Data

The list of vulnerability findings.

Array<object>
Vulnerability Finding

A vulnerability finding discovered on an endpoint.

object
id
required
ID

Unique identifier for the vulnerability finding.

string format: uuid
endpoint_id
required
Endpoint ID

The endpoint where this vulnerability was discovered.

string format: uuid
target_id
required
Target ID

The remediation target associated with this vulnerability.

string format: uuid
nullable
cve
required
CVE

The CVE identifier for this vulnerability (e.g., CVE-2024-1234).

string
nullable
severity
required
Severity

The severity level of the vulnerability.

string
Allowed values: critical high medium low info
cvss_score
required
CVSS Score

The CVSS score of the vulnerability (0-10).

number
nullable <= 10
is_kev
required
Is KEV

Whether this vulnerability is in the CISA Known Exploited Vulnerabilities catalog.

boolean
status
required
Status

The lifecycle status of the vulnerability finding.

string
Allowed values: open remediated
source
required
Source

The source that discovered this vulnerability.

string
title
required
Title

Human-readable title of the vulnerability.

string
nullable
description
required
Description

Detailed description of the vulnerability.

string
nullable
solution
required
Solution

Recommended solution or remediation steps.

string
nullable
detected_at
required
Detected At

When this vulnerability was first detected.

string format: date-time
remediated_at
required
Remediated At

When this vulnerability was remediated.

string format: date-time
nullable
created_at
required
Created At

When this finding record was created.

string format: date-time
updated_at
required
Updated At

When this finding record was last updated.

string format: date-time
total
required
Total

Total number of findings matching the filters.

integer
limit
required
Limit

Page size used.

integer
offset
required
Offset

Offset used.

integer

401

Section titled “401 ”

Missing or invalid API key.

object
error
required

Human-readable error message.

string

500

Section titled “500 ”

Internal server error.

object
error
required

Human-readable error message.

string