Skip to main content
Query issues for a specific package version identified by Package URL (purl). Snyk returns only direct vulnerabilities. Transitive vulnerabilities (from dependencies) are not returned because they can vary depending on context.
External DocumentationTo learn more, visit the Snyk documentation.

Basic Parameters

ParameterDescription
Organization IDUnique identifier for an organization.
PURLA URI-encoded Package URL (purl). Supported purl types are apk, cargo, cocoapods, composer, deb, gem, generic, hex, maven, npm, nuget, pypi, rpm, and swift. A version for the package is also required.
Return All PagesAutomatically fetch all resources, page by page.

Advanced Parameters

ParameterDescription
LimitSpecify the number of results to return. Must be greater than 0 and less than 1000. Default is 1000.
OffsetSpecify the number of results to skip before returning results. Must be greater than or equal to 0. Default is 0.

Example Output

{
	"data": [
		{
			"attributes": {
				"coordinates": [
					{
						"remedies": [
							{
								"description": "Upgrade the package version to 5.4.0,6.4.0 to fix this vulnerability",
								"details": {
									"upgrade_package": "5.4.0,6.4.0"
								},
								"type": "indeterminate"
							}
						],
						"representations": [
							{
								"resource_path": ",5.4.0),[6.0.0.pr1,6.4.0)"
							}
						]
					}
				],
				"created_at": "2022-06-16T13:51:13Z",
				"description": "## Overview\n\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection.",
				"effective_severity_level": "info",
				"problems": [
					{
						"disclosed_at": "1970-01-01T00:00:00.000Z",
						"discovered_at": "1970-01-01T00:00:00.000Z",
						"id": "CWE-61",
						"source": "CVE",
						"updated_at": "1970-01-01T00:00:00.000Z",
						"url": "http://example.com"
					}
				],
				"severities": [
					{
						"level": "medium",
						"score": 5.3,
						"source": "Snyk",
						"type": "primary",
						"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
						"version": "4.0"
					}
				],
				"slots": {
					"disclosure_time": "2022-06-16T13:51:13Z",
					"exploit_details": {
						"maturity_levels": [
							{
								"format": "CVSSv4",
								"level": "Attacked",
								"type": "primary"
							}
						],
						"sources": [
							"string"
						]
					},
					"publication_time": "2022-06-16T14:00:24.315507Z",
					"references": [
						{
							"title": "string",
							"url": "string"
						}
					]
				},
				"title": "XML External Entity (XXE) Injection",
				"type": "package_vulnerability",
				"updated_at": "2022-06-16T14:00:24.315507Z"
			},
			"id": "SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754",
			"type": "issue"
		}
	],
	"jsonapi": {
		"version": "1.0"
	},
	"links": {
		"first": "https://example.com/api/resource?ending_before=v1.eyJpZCI6IjExIn0K",
		"last": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjMwIn0K",
		"next": "https://example.com/api/resource?starting_after=v1.eyJpZCI6IjEwIn0K"
	},
	"meta": {
		"match": {
			"description": "Package and checksum both match",
			"details": {
				"checksum": true,
				"name_version": true
			},
			"input": {
				"checksum": "sha1:abc123",
				"purl": "pkg:maven/com.example/my-package@1.0.0?checksum=sha1:abc123"
			},
			"type": "full"
		},
		"package": {
			"name": "spring-core",
			"namespace": "org.springframework",
			"type": "maven",
			"url": "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0",
			"version": "1.0.0"
		}
	}
}

Workflow Library Example

Query Issues by Package Url with Snyk and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop