Vulnerabilities

List vulnerabilities

Returns a paginated list of vulnerabilities across all applications, with aggregation statistics.

Required permission: vulnerabilities:read

GET /api/v1/vulnerabilities

Authorization

ApiKeyAuth
X-API-Key: <token>

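API key for authentication. Create API keys in Settings > API Keys. Format: mpt_<32 hex characters>. Treat the key as a secret: supply it from an environment variable or a secret store rather than hard-coding it in scripts, and send it only in the request header.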

In: header

Query Parameters

limit (optional): integer

Maximum number of items to return

Default: 20
Range: 1 <= value <= 100

offset (optional): integer

Number of items to skip for pagination

Default: 0
Range: 0 <= value

application_id (optional): string

Filter by application ID

severity (optional): string

Filter by severity (comma-separated for multiple)

status (optional): string

Filter by status (comma-separated for multiple)

owasp_category (optional): string

Filter by OWASP category (comma-separated for multiple)

sort_by (optional): string

Field to sort by

Value in: "severity" | "status" | "first_detected_at" | "last_detected_at"

sort_order (optional): string

Sort order

Default: "desc"
Value in: "asc" | "desc"

Response Body

Content type: application/json (for the success response and for each of the four error responses shown below)

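# List vulnerabilities that are critical or high severity, open or in remediation,
# and in OWASP categories A01 or A03 (commas in the filter values are URL-encoded as %2C).
# The endpoint requires the X-API-Key header; without it the API answers UNAUTHENTICATED.
# MPT_API_KEY is a placeholder environment variable name: export the key there so it
# does not end up hard-coded in scripts or pasted into the command line.
curl -X GET "https://api.modernpentest.com/api/v1/vulnerabilities?severity=critical%2Chigh&status=open%2Cin_remediation&owasp_category=A01%2CA03" \
  -H "X-API-Key: ${MPT_API_KEY}"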
{
  "vulnerabilities": [
    {
      "id": "string",
      "title": "string",
      "description": "string",
      "severity": "critical",
      "status": "open",
      "owasp_category": "string",
      "cwe_id": "string",
      "vulnerability_type": "string",
      "application_id": "string",
      "application_name": "string",
      "first_detected_at": 0,
      "last_detected_at": 0,
      "fixed_at": 0,
      "remediated_at": 0,
      "detection_count": 0,
      "technical_context": {
        "endpoint": "string",
        "method": "string",
        "parameter": "string",
        "affected_component": "string"
      },
      "evidence": {
        "proof_of_concept": "string",
        "observed_behavior": "string",
        "vulnerable_endpoint": "string",
        "vulnerable_parameter": "string"
      },
      "business_impact": "string",
      "remediation": {
        "immediate_action": "string",
        "steps": [
          "string"
        ],
        "references": [
          "string"
        ]
      },
      "remediation_effort": {
        "estimated_hours": 0,
        "effort_level": "string",
        "complexity": "string"
      },
      "assigned_to": "string",
      "due_date": 0,
      "priority": "string",
      "exploit_available": true,
      "created_at": 0
    }
  ],
  "aggregations": {
    "by_severity": {
      "critical": 0,
      "high": 0,
      "medium": 0,
      "low": 0,
      "info": 0
    },
    "by_status": {
      "open": 0,
      "in_remediation": 0,
      "remediated": 0,
      "fixed": 0,
      "accepted_risk": 0,
      "false_positive": 0
    },
    "by_owasp_category": {
      "property1": 0,
      "property2": 0
    }
  },
  "pagination": {
    "total": 0,
    "limit": 0,
    "offset": 0,
    "has_more": true
  }
}
{
  "error": {
    "code": "UNAUTHENTICATED",
    "message": "Invalid or missing API key",
    "timestamp": 1734567890000
  }
}
{
  "error": {
    "code": "FORBIDDEN",
    "message": "Missing required permission: vulnerabilities:read",
    "timestamp": 1734567890000
  }
}
{
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Rate limit exceeded. Try again in 45 seconds.",
    "timestamp": 1734567890000
  }
}
{
  "error": {
    "code": "INTERNAL_ERROR",
    "message": "An unexpected error occurred",
    "timestamp": 1734567890000
  }
}

Last updated: February 1, 2026