GET /v1/tenant/vulnerabilities
List
curl --request GET \
  --url https://{region}.api.plerion.com/v1/tenant/vulnerabilities \
  --header 'Authorization: Bearer <token>'

{
  "data": [
    {
      "schemaVersion": "2022-06-09",
      "assetId": "prn:assets:a",
      "organizationId": "98ca8825-a65a-4b50-a6f0-4851c406aedc",
      "tenantId": "98ca8825-a65a-4b50-a6f0-4851c406aedc",
      "integrationId": "98ca8825-a65a-4b50-a6f0-4851c406aedc",
      "vulnerabilityId": "CVE-2022-22965",
      "provider": "AWS",
      "assetType": "AWS::EC2::Instance",
      "description": "A flaw was found in shadow-utils.",
      "severityLevel": "HIGH",
      "firstObservedAt": "2023-10-27T04:54:37.830Z",
      "lastObservedAt": "2023-10-27T04:54:37.830Z",
      "publishedDate": "2023-10-27T04:54:37.830Z",
      "executionId": "1678607803935",
      "title": "Sample Vulnerability Title",
      "targetName": "EcsTaskDefinition:15 > nginx:1.19.1-alpine-perl",
      "severitySource": "redhat",
      "primaryUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-22965",
      "packages": [
        {
          "packageName": "sample-package",
          "targetName": "EcsTaskDefinition:15 > nginx:1.19.1-alpine-perl",
          "targetType": "sample-target-type",
          "targetPath": "ip-172-31-29-14.ap-southeast-2.compute.internal",
          "targetClass": "os-pkgs",
          "fixedVersion": "1.0.1",
          "installedVersion": "1.0.0"
        }
      ],
      "cwes": [
        {
          "id": "1",
          "name": "CWE-123",
          "cweId": "CWE-123",
          "source": "MITRE",
          "sourceUrl": "https://example.com/cwe/CWE-123",
          "description": "This is a sample CWE description."
        }
      ],
      "hasKev": true,
      "hasExploit": false,
      "hasVendorFix": true,
      "knownExploit": {
        "cveID": "CVE-2022-22965",
        "notes": "",
        "dueDate": "2022-04-25",
        "product": "Spring Framework",
        "dateAdded": "2022-04-04",
        "vendorProject": "VMware",
        "requiredAction": "Apply updates per vendor instructions.",
        "shortDescription": "Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.",
        "vulnerabilityName": "Spring Framework JDK 9+ Remote Code Execution Vulnerability"
      },
      "exploits": [
        {
          "id": "1",
          "title": "Sample Exploit Title",
          "description": "This is a sample exploit description.",
          "source": "MITRE",
          "sourceUrl": "https://example.com/exploit/CVE-2023-12345"
        }
      ],
      "exemptions": [
        {
          "exemptionId": "e26380da-946e-496e-bebe-9774dae93ed5",
          "exemption": {
            "name": "exemption-rule-001",
            "reason": "ACCEPTED_RISK",
            "createdAt": "2025-06-05T04:54:49.495Z",
            "updatedAt": "2025-06-05T04:54:49.495Z",
            "rules": [
              {
                "exemptionType": "ASSET_VULNERABILITY",
                "vulnerabilityId": "CVE-2025-12345",
                "vulnerabilityIds": [
                  "CVE-2025-12345"
                ],
                "assetIds": [
                  "prn:assets:c00720a1-c167-4fbf-87ea-b6172949b62d:aws:ec2:instance:ap-southeast-2:i-02dd74c78250f9f1a"
                ],
                "assetGroupIds": [
                  "e26380da-946e-496e-bebe-9774dae93ed5"
                ],
                "assetRegions": [
                  "ap-southeast-2"
                ],
                "assetTags": [
                  {
                    "key": "Owner",
                    "value": "TeamOne"
                  }
                ],
                "noVendorFix": false
              }
            ]
          }
        }
      ],
      "severityLevelValue": 4
    }
  ],
  "meta": {
    "page": 123,
    "perPage": 123,
    "total": 123,
    "hasNextPage": true,
    "hasPreviousPage": true
  }
}

Authorizations

Authorization
string
header
required

Bearer API Key. For example, "Bearer {Tenant API Key}"

Headers

Authorization
string
required

Bearer API Key. For example, "Bearer {Tenant API Key}"

Content-Type
string

application/json

Query Parameters

vulnerabilityIds
string

Filter vulnerabilities on vulnerability ids. Accepts a comma-separated list with a maximum length of 100

Example:

"CVE-2022-22965,CVE-2022-22966,CVE-2022-22967"

assetIds
string

Filter vulnerabilities on asset ids. Accepts a comma-separated list with a maximum length of 10

Example:

["prn:assets:a,prn:assets:b"]

providers
enum<string>

Filter vulnerabilities based on provider. Accepts a comma-separated list of providers.

Available options: AWS, Azure, GCP, Kubernetes

Example:

"AWS,GCP"

executionIds
string

Filter vulnerabilities on execution ids. Accepts a comma-separated list with a maximum length of 10

Example:

"1678607803935,1778607801234"

integrationIds
string

Filter vulnerabilities on integration ids. Accepts a comma-separated list with a maximum length of 10

Example:

"UUID1,UUID2"

assetGroupIds
string

Filter vulnerabilities on asset group ids. Accepts a comma-separated list of asset group ids.

Example:

"UUID1,UUID2"

environmentIds
string

Filter vulnerabilities on the environment. This parameter accepts any combination of environment name or environment IDs (UUIDs) in a comma-separated list.

Supported environment names:

  • production - Production environment
  • non-production - Non-production environment

Example:

"production,550e8400-e29b-41d4-a716-446655440000"

packageName
string

Filter vulnerabilities on a package name.

Example:

"lodash"

regions
string

Filter vulnerabilities on asset regions.

Example:

"us-east-1,us-west-2"

targetName
string

Filter vulnerabilities on a target name. For ECS Task Definitions, this is {TaskDefinition}:{revision} > {containerImage}.

Example:

"EcsTaskDefinition:15 > nginx:1.19.1-alpine-perl"

targetType
string

Filter vulnerabilities on a target type.

Example:

"targetType"

targetClass
string

Filter vulnerabilities on a target class.

Example:

"lang-pkgs,os-pkgs"

hasKev
boolean

Filter vulnerabilities on hasKev. Accepts true or false.

Example:

true

isExempted
boolean
default:false

Filter vulnerabilities based on exemptions. Returns exempted vulnerabilities if set to true. Accepts true or false.

Example:

true

isExploitable
boolean

Filter vulnerabilities based on exploitability under the Common Vulnerability Scoring System (CVSS). Accepts true or false.

Example:

true

hasExploit
boolean

Filter vulnerabilities on hasExploit. Accepts true or false.

Example:

true

hasVendorFix
boolean

Filter vulnerabilities where the affected packages have a fixed version. The value is true if any affected package has a fixed version. Accepts true or false.

Example:

true

severityLevels
enum<string>

Filter vulnerabilities on severity. Accepts a comma-separated list.

Available options: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNKNOWN

Example:

"CRITICAL,HIGH"

firstObservedAtStart
string<date-time>

Start of the date range for filtering vulnerabilities based on the first observed time. Specify the start of the range using a valid ISO 8601 date-time string. If firstObservedAtStart is provided and firstObservedAtEnd is omitted, results will include vulnerabilities observed from this date to the present. Supported formats include:

  • yyyy-MM-ddTHH:mm:ssZ (e.g., 2020-12-18T08:00:00Z)
  • yyyy-MM-ddTHH:mm:ss.SSSZ (e.g., 2020-12-18T08:00:00.000Z)

Example:

"2023-02-01T18:09:07Z"

firstObservedAtEnd
string<date-time>

End of the date range for filtering vulnerabilities based on the first observed time. Specify the end of the range using a valid ISO 8601 date-time string. If firstObservedAtEnd is provided and firstObservedAtStart is omitted, results will include vulnerabilities observed up to this date. Supported formats include:

  • yyyy-MM-ddTHH:mm:ssZ (e.g., 2020-12-18T08:00:00Z)
  • yyyy-MM-ddTHH:mm:ss.SSSZ (e.g., 2020-12-18T08:00:00.000Z)

Example:

"2023-02-01T18:09:07Z"

sortBy
enum<string>

Sort results by the specified field.

Available options: hasKev, hasExploit, lastObservedAt, firstObservedAt, severityLevelValue

Example:

"hasExploit"

sortOrder
enum<string>

Sort order for the results.

Available options: ASC, DESC

Example:

"ASC"

page
integer
default:1

Page number for the results. Accepts a positive integer.

Required range: x >= 1

Example:

10

perPage
integer
default:100

Number of results per page. Accepts a positive integer.

Required range: x <= 2000

Example:

50

Response

Successful response with the list of vulnerabilities

data
object[]
meta
object
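
An added example (not Plerion's own code) of driving this endpoint's filters and pagination: it checks the documented list and perPage limits client-side, then requests pages until meta.hasNextPage is false. The names build_query, list_all and fake_fetch are hypothetical, the two sample pages are constructed, and the list limits are assumed to count items.

```python
from urllib.parse import parse_qs, urlencode

# Limits from the parameter reference above, read here as item counts (assumption).
LIST_LIMITS = {"vulnerabilityIds": 100, "assetIds": 10,
               "executionIds": 10, "integrationIds": 10}
MAX_PER_PAGE = 2000


def build_query(filters, page=1, per_page=100):
    """Validate filters against the documented limits; return the query string."""
    if page < 1 or not 1 <= per_page <= MAX_PER_PAGE:
        raise ValueError("page must be >= 1 and perPage between 1 and 2000")
    params = {}
    for name, value in filters.items():
        if isinstance(value, bool):
            params[name] = "true" if value else "false"
        elif isinstance(value, (list, tuple)):
            limit = LIST_LIMITS.get(name)
            if limit is not None and len(value) > limit:
                raise ValueError(f"{name} accepts at most {limit} values")
            params[name] = ",".join(value)
        else:
            params[name] = str(value)
    params.update(page=page, perPage=per_page)
    return urlencode(params)


def list_all(fetch_page, filters, per_page=100):
    """Yield every record, requesting pages until meta.hasNextPage is false."""
    page = 1
    while True:
        body = fetch_page(build_query(filters, page, per_page))
        yield from body["data"]
        if not body["meta"]["hasNextPage"]:
            return
        page += 1


# Constructed two-page response set standing in for the API (no network access).
SAMPLE_PAGES = {
    1: {"data": [{"vulnerabilityId": "CVE-2022-22965", "hasKev": True}],
        "meta": {"page": 1, "hasNextPage": True}},
    2: {"data": [{"vulnerabilityId": "CVE-2022-22966", "hasKev": True}],
        "meta": {"page": 2, "hasNextPage": False}},
}


def fake_fetch(query):
    """Hypothetical transport: returns the constructed page named in the query."""
    return SAMPLE_PAGES[int(parse_qs(query)["page"][0])]
```

For real use, replace fake_fetch with a function that sends the query string to https://{region}.api.plerion.com/v1/tenant/vulnerabilities with the Authorization: Bearer header, reading the tenant API key from the environment or a secret store rather than from source code.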