> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get vulnerability by ID

> Gets a vulnerability by an ID.



## OpenAPI

````yaml /reference/manage-vanta.json get /vulnerabilities/{vulnerabilityId}
openapi: 3.0.0
info:
  title: Manage Vanta
  version: 1.0.0
  description: >-
    The REST API lets customers query and mutate Vanta's data. Use this API to
    automate bulk actions, query data for custom workflows and dashboards, and
    bolster your security operations


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /vulnerabilities/{vulnerabilityId}:
    get:
      tags:
        - Vulnerabilities
      summary: Get vulnerability by ID
      description: Gets a vulnerability by an ID.
      operationId: GetVulnerability
      parameters:
        - in: path
          name: vulnerabilityId
          required: true
          schema:
            type: string
          example: 64abcc129ff483012345d789
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Vulnerability'
              examples:
                Example 1:
                  value:
                    id: a2f7e1b9d0c3f4e5a6c7b8d9
                    name: CVE-2021-12345
                    description: >-
                      MariaDB before 10.6.2 allows an application crash because
                      of mishandling of a pushdown from a HAVING clause to a
                      WHERE clause.
                    integrationId: Inspector
                    packageIdentifier: package
                    vulnerabilityType: COMMON
                    targetId: targetId
                    externalId: 12345678-abcd-cdef-ab12-abcd1234bbbc
                    firstDetectedDate: '2021-01-01T00:00:00.000Z'
                    sourceDetectedDate: '2021-01-01T00:00:00.000Z'
                    lastDetectedDate: '2021-01-01T00:00:00.000Z'
                    severity: CRITICAL
                    cvssSeverityScore: 9.8
                    scannerScore: 100
                    isFixable: true
                    fixedVersion: 10.6.2
                    remediateByDate: '2021-01-01T00:00:00.000Z'
                    relatedVulns:
                      - CVE-2021-12345
                    relatedUrls:
                      - >-
                        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-12345
                    externalURL: >-
                      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-12345
                    scanSource: Not provided
                    deactivateMetadata:
                      deactivatedBy: b2f7e1b9d0c3f4e5a6c7b123
                      deactivatedOnDate: '2021-01-01T00:00:00.000Z'
                      deactivationReason: fix is too hard to carry out
                      deactivatedUntilDate: null
                      isVulnDeactivatedIndefinitely: true
      security:
        - bearerAuth: []
components:
  schemas:
    Vulnerability:
      properties:
        id:
          type: string
          description: Unique identifier for the vulnerability.
        name:
          type: string
          description: Display name of the vulnerability.
        description:
          type: string
          description: Description of the vulnerability.
        integrationId:
          type: string
          description: Integration that the vulnerability is scanned by.
        packageIdentifier:
          type: string
          nullable: true
          description: |-
            Identifier for the package that the vulnerability is found on.
            Only relevant to vulnerabilities of type COMMON or GROUPED.
        vulnerabilityType:
          $ref: '#/components/schemas/VulnerabilityType'
          description: |-
            Type of the vulnerability.
            Possible values: CONFIGURATION, COMMON, GROUPED.
        targetId:
          type: string
          description: >-
            Unique identifier for the underlying resource that the vulnerability
            is found on.
        firstDetectedDate:
          type: string
          format: date-time
          description: Date when the vulnerability was first detected by Vanta.
        sourceDetectedDate:
          type: string
          format: date-time
          nullable: true
          description: Date when the vulnerability was first detected by the source.
        lastDetectedDate:
          type: string
          format: date-time
          nullable: true
          description: Date when the vulnerability was last detected.
        severity:
          $ref: '#/components/schemas/ExternalFindingSeverityType'
          description: |-
            Severity of the vulnerability.
            Possible values: LOW, MEDIUM, HIGH, CRITICAL.
        cvssSeverityScore:
          type: number
          format: double
          nullable: true
          description: CVSS severity score of the vulnerability.
        scannerScore:
          type: number
          format: double
          nullable: true
          description: Scanner score of the vulnerability.
        isFixable:
          type: boolean
          description: Whether the vulnerability is fixable.
        remediateByDate:
          type: string
          format: date-time
          nullable: true
          description: Date when the vulnerability should be remediated by.
        relatedVulns:
          items:
            type: string
          type: array
          description: |-
            Related vulnerabilities.
            Only relevant to vulnerabilities of type GROUPED.
        relatedUrls:
          items:
            type: string
          type: array
          description: Related URLs.
        externalURL:
          type: string
          description: External URL for the vulnerability.
        scanSource:
          type: string
          description: Scanning tool that detected the vulnerability
        deactivateMetadata:
          properties:
            isVulnDeactivatedIndefinitely:
              type: boolean
              description: Whether the vulnerability is deactivated indefinitely.
            deactivatedUntilDate:
              type: string
              format: date-time
              nullable: true
              description: Date when the vulnerability will be reactivated.
            deactivationReason:
              type: string
              description: Reason for deactivating the vulnerability.
            deactivatedOnDate:
              type: string
              format: date-time
              description: Date when the vulnerability was deactivated.
            deactivatedBy:
              type: string
              description: Identifier of the user who deactivated the vulnerability.
          required:
            - isVulnDeactivatedIndefinitely
            - deactivatedUntilDate
            - deactivationReason
            - deactivatedOnDate
            - deactivatedBy
          type: object
          nullable: true
          description: Metadata for the deactivation of the vulnerability.
        fixedVersion:
          type: string
          nullable: true
          description: >-
            Package version that remediates the vulnerability when reported by
            the scanner.

            Null when unknown or not applicable.
        externalId:
          type: string
          nullable: true
          description: >-
            Identifier for the affected asset in the source system that detected
            the vulnerability.
      required:
        - id
        - name
        - description
        - integrationId
        - packageIdentifier
        - vulnerabilityType
        - targetId
        - firstDetectedDate
        - sourceDetectedDate
        - lastDetectedDate
        - severity
        - cvssSeverityScore
        - scannerScore
        - isFixable
        - remediateByDate
        - relatedVulns
        - relatedUrls
        - externalURL
        - deactivateMetadata
        - fixedVersion
        - externalId
      type: object
      additionalProperties: false
    VulnerabilityType:
      type: string
      enum:
        - CONFIGURATION
        - COMMON
        - GROUPED
    ExternalFindingSeverityType:
      type: string
      enum:
        - CRITICAL
        - HIGH
        - LOW
        - MEDIUM
      nullable: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````