List vulnerability findings

GET

/v1/vulnerability-findings

Code sample: cURL

curl --request GET \
  --url 'https://api.furl.ai/v1/vulnerability-findings' \
  --header 'Authorization: Bearer YOUR_API_KEY'

Returns a paginated list of vulnerability findings in the organization.

Authorizations

• bearerAuth

Parameters

Query Parameters

limit

integer

default: 50 >= 1 <= 100

Maximum number of findings to return.

offset

integer

0

Number of findings to skip for pagination.

endpointId

string format: uuid

Filter by endpoint ID.

targetId

string format: uuid

Filter by remediation target ID.

severity

string

Allowed values: critical high medium low info

Filter by severity level.

status

string

Allowed values: open remediated

Filter by finding status.

isKev

boolean

Filter by whether the finding is in the CISA Known Exploited Vulnerabilities catalog.

cve

string

Filter by CVE identifier (e.g., CVE-2024-1234).

Responses

200

Paginated list of vulnerability findings.

Media type application/json

object

data

required

Data

The list of vulnerability findings.

Array<object>

Vulnerability Finding

A vulnerability finding discovered on an endpoint.

object

id

required

ID

Unique identifier for the vulnerability finding.

string format: uuid

endpoint_id

required

Endpoint ID

The endpoint where this vulnerability was discovered.

string format: uuid

target_id

required

Target ID

The remediation target associated with this vulnerability.

string format: uuid

nullable

cve

required

CVE

The CVE identifier for this vulnerability (e.g., CVE-2024-1234).

string

nullable

severity

required

Severity

The severity level of the vulnerability.

string

Allowed values: critical high medium low info

cvss_score

required

CVSS Score

The CVSS score of the vulnerability (0-10).

number

nullable <= 10

is_kev

required

Is KEV

Whether this vulnerability is in the CISA Known Exploited Vulnerabilities catalog.

boolean

status

required

Status

The lifecycle status of the vulnerability finding.

string

Allowed values: open remediated

source

required

Source

The source that discovered this vulnerability.

string

title

required

Title

Human-readable title of the vulnerability.

string

nullable

description

required

Description

Detailed description of the vulnerability.

string

nullable

solution

required

Solution

Recommended solution or remediation steps.

string

nullable

detected_at

required

Detected At

When this vulnerability was first detected.

string format: date-time

remediated_at

required

Remediated At

When this vulnerability was remediated.

string format: date-time

nullable

created_at

required

Created At

When this finding record was created.

string format: date-time

updated_at

required

Updated At

When this finding record was last updated.

string format: date-time

total

required

Total

Total number of findings matching the filters.

integer

limit

required

Limit

Page size used.

integer

offset

required

Offset

Offset used.

integer

Example

{
  "data": [
    {
      "severity": "critical",
      "status": "open"
    }
  ]
}

401

Missing or invalid API key.

Media type application/json

object

error

required

Human-readable error message.

string

Example ^generated

{
  "error": "example"
}

500

Internal server error.

Media type application/json

object

error

required

Human-readable error message.

string

Example ^generated

{
  "error": "example"
}