Skip to main content

List Issues For Many Package URLs

This endpoint is not available to all customers. If you are interested please contact support. Query issues for a batch of packages identified by Package URL (purl). Only direct vulnerabilities are returned, transitive vulnerabilities (from dependencies) are not returned because they can vary depending on context.

Parameters

ParameterDescription
Organization IDUnique identifier for an organization.
Package URLsA comma-separated list of Package URLs (purl). Supported purl types are apk, cargo, cocoapods, composer, deb, gem, generic, hex, maven, npm, nuget, pypi, rpm, and swift. A version for the package is also required.

Example Output

{
    "data": [
        {
            "attributes": {
                "coordinates": [
                    {
                        "remedies": [
                            {
                                "description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability",
                                "details": {
                                    "upgrade_package": "5.4.0,6.4.0"
                                },
                                "type": "indeterminate"
                            }
                        ],
                        "representations": [
                            {
                                "resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
                            }
                        ]
                    }
                ],
                "created_at": "2022-06-16T13:51:13Z",
                "description": "## Overview\\n\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.",
                "effective_severity_level": "info",
                "problems": [
                    {
                        "disclosed_at": "1970-01-01T00:00:00.000Z",
                        "discovered_at": "1970-01-01T00:00:00.000Z",
                        "id": "CWE-61",
                        "source": "CVE",
                        "updated_at": "1970-01-01T00:00:00.000Z",
                        "url": "http://example.com"
                    }
                ],
                "severities": [
                    {
                        "level": "medium",
                        "score": 5.3,
                        "source": "Snyk",
                        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                    }
                ],
                "slots": {
                    "disclosure_time": "2022-06-16T13:51:13Z",
                    "exploit": "Not Defined",
                    "publication_time": "2022-06-16T14:00:24.315507Z",
                    "references": [
                        {
                            "title": "string",
                            "url": "string"
                        }
                    ]
                },
                "title": "XML External Entity (XXE) Injection",
                "type": "package_vulnerability",
                "updated_at": "2022-06-16T14:00:24.315507Z"
            },
            "id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754",
            "type": "issue"
        }
    ],
    "jsonapi": {
        "version": "1.0"
    },
    "links": {
        "first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
        "last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
        "next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
    }
}

Workflow Library Example

List Issues for Many Package Urls with Snyk and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop