Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
API description
Retrieves a list of all vulnerabilities.
Supports OData V4 queries.
OData supported operators:
$filter on: id, name, description, cvssV3, publishedOn, severity, and updatedOn properties.
$top with max value of 8,000.
$skip.
See examples at OData queries with Microsoft Defender for Endpoint.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Use Microsoft Defender for Endpoint APIs for details.
| Permission type | Permission | Permission display name |
|---|---|---|
| Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' |
| Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' |
HTTP request
GET /api/vulnerabilities
Request headers
| Name | Type | Description |
|---|---|---|
| Authorization | String | Bearer {token}. Required. |
Request body
Empty
Response
If successful, this method returns 200 OK with the list of vulnerabilities in the body.
Example
Request example
Here's an example of the request.
GET https://api.securitycenter.microsoft.com/api/Vulnerabilities
Response example
Here's an example of the response.
{
"@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Vulnerabilities",
"value": [
{
"id": "CVE-2024-7256",
"name": "CVE-2024-7256",
"description": "Summary: Google Chrome is vulnerable to a security bypass due to insufficient data validation in Dawn. An attacker can exploit this vulnerability by tricking a user into visiting a malicious website, allowing them to bypass security restrictions. Impact: If successfully exploited, this vulnerability could allow a remote attacker to bypass security restrictions in Google Chrome. Remediation: Apply the latest patches and updates provided by the respective vendors. Generated by AI",
"severity": "High",
"cvssV3": 8,
"cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"exposedMachines": 23,
"publishedOn": "2024-07-30T00:00:00Z",
"updatedOn": "2024-07-31T00:00:00Z",
"firstDetected": "2024-07-31T01:55:47Z",
"publicExploit": false,
"exploitVerified": false,
"exploitInKit": false,
"exploitTypes": [],
"exploitUris": [],
"cveSupportability": "Supported",
"tags": [],
"epss": 0.632
}
]
}