CVE Vulnerabilities

Threat Stack utilizes data from a wide variety of sources, including the packages installed on your individual servers to show you potentially vulnerable software. The vulnerabilities endpoint enables you to interact with your vulnerability data.

List Vulnerabilities

Overview

This method enables you to list all vulnerabilities found across the infrastructure in your Threat Stack organization.

NOTE:

The response defaults to display the active and suppressed vulnerabilities.

This endpoint is paginated and returns up to 100 records at a time. See #docTextSection:zR4WHD8nqEMdNENHa.

Sample Queries

Find all CVEs:

https://api.threatstack.com/v2/vulnerabilities

Find all active CVEs:

https://api.threatstack.com/v2/vulnerabilities?status=active

Find all active CVEs for which hasSecurityNotices is available:

https://api.threatstack.com/v2/vulnerabilities?status=active&hasSecurityNotices=true

Find all CVEs for a specific agentId:

https://api.threatstack.com/v2/vulnerabilities?agentId=<foo>
Request
query Parameters
status
string

Limit the response to CVEs that are either active or suppressed.

Enum: "active" "suppressed"
severity
string

Severity of the CVEs to return

Enum: "high" "medium" "low"
agentId
string

The id of the agent to limit the result set to

token
string

This is the Page token of the next set of results to fetch. Responses display paginated results with up to 100 records per page.

hasSecurityNotices
boolean

Include vulnerabilities with security notices (true), or include vulnerabilities with and without security notices (false).

Responses
200

successful operation

400

Bad parameters

401

Missing auth credentials

429

Rate limit hit

500

Something went wrong

get/vulnerabilities
Response samples
application/json
{
  • "cves": [
    ],
  • "token": "string"
}

List Affected Servers by CVE

Overview

This method enables you to list all vulnerabilities found across the infrastructure in your Threat Stack organization.

NOTE:

You can only pass one CVE number at a time.

Sample Queries

Find all of the servers affected by a CVE:

https://api.threatstack.com/v2/vulnerabilities/{CVE}/servers

To find related information about a server that is returned in the affected list, use #endpoint:K3ahcQo6A629apLW7 endpoint to lookup the agentId details.

Error Handling Tips

The 404 error code means that the CVE was not found in the database.

Request
path Parameters
cve
required
string
Responses
200
get/vulnerabilities/{cve}/servers
Response samples
application/json
{
  • "servers": [
    ]
}

List Vulnerabilities by Package

Overview

This method enables you to get the list of CVEs found across the infrastructure in your Threat Stack organization for a specific software package.

NOTE:

You can only pass one package (without a version) at a time.

The response defaults to show both active and suppressed vulnerabilities.

Sample Queries

Find all CVEs for a package, example sudo:

https://api.threatstack.com/v2/vulnerabilities/package/sudo

To get the list of active CVEs for a package:

https://api.threatstack.com/v2/vulnerabilities/package/{package}?status=active

Error Handling Tips

The 400 error code means a required parameter is missing or is not correctly specified as a valid option for a parameter.

Request
path Parameters
rootPackageName
required
string
query Parameters
status
string

Limit the response to CVEs that are either active or suppressed.

Enum: "active" "suppressed"
Responses
200

successful operation

400

Bad parameters

401

Missing auth credentials

429

Rate limit hit

500

Something went wrong

get/vulnerabilities/package/{rootPackageName}
Response samples
application/json
{
  • "cves": [
    ]
}

List Suppressions with Details

Overview

This method enables you to get the list of current CVE suppressions with suppression reason details for your organization.

Sample Queries

Find the list of current CVE suppressions with details:

https://api.threatstack.com/v2/vulnerabilities/suppressions

Error Handling Tips

The 400 error code means a required parameter is missing or is incorrectly specified and not a valid option for the parameter. You may hit this on an active query.

Responses
200

successful operation

400

Bad parameters

401

Missing auth credentials

429

Rate limit hit

500

Something went wrong

get/vulnerabilities/suppressions
Response samples
application/json
{
  • "suppressions": [
    ]
}

List all suppressed vulnerabilities by package

Overview

This method enables you to list all of the suppressed CVEs for a specific package.

NOTE: The list does not show the version of the suppressed CVEs.

Other Related Endpoints:

To view all CVE suppressions and reasonings, use this endpoint #endpoint:zuBjDgw86x5adaX8n.

To view all of the active, unsuppressed CVEs for a package, use this endpoint #endpoint:9tc3iNQqAfjoyM6S4.

Request
path Parameters
rootPackageName
required
string
Responses
200

successful operation

400

Bad parameters

401

Missing auth credentials

429

Rate limit hit

500

Something went wrong

get/vulnerabilities/package/{rootPackageName}/suppressed
Response samples
application/json
{
  • "cves": [
    ]
}

List all suppressed vulnerabilities

Overview

The method enables you to list all of the suppressed CVEs in your Threat Stack Organization.

The list will return all suppressed CVEs.

Learn more about Threat Stack and vulnerability suppression:

If you suppress a vulnerability, then the vulnerability for that package version is no longer assessed during a Vulnerability Assessment scan. It will display on a suppressed vulnerabilities list, and will not be listed as an active vulnerability. See the Suppressing Vulnerabilites FAQ article for more information.

Available Queries

Here are the queries available for this endpoint.

Filter for a Specific Server

To view CVES for a particular server you can use one of the following query params:

  • agentId - The id of the agent
  • hostname - the name of the host

You may only use one of these options per query. If multiple are used, the api will return a Bad Request.

Filter for a Specific Suppressed Vulnerability Severity

To view suppressed CVEs of a specific severity, use the severity query parameter. You can filter for high, medium, or low severities within Theat Stack. For example, to view all low severity, suppressed CVEs:

https://api.threatstack.com/v2/vulnerabilities/suppressed?severity=low

To view all active, unsuppressed CVEs use this endpoint #endpoint:W7t3LDLPHQG9tT4Ni.

Request
query Parameters
severity
string

Severity of the CVEs to return

agentId
string

The id of the agent to limit the result set to

hostname
string

The hostname of the server to limit the result set to

Responses
200
get/vulnerabilities/suppressed
Response samples
application/json
{
  • "cves": [
    ],
  • "token": "string"
}