Fetch fixes for vulnerabilities in a repository or scan

Fetches available fixes for vulnerabilities in a repository or scan. Requires either repo_slug or full_scan_id as well as vulnerability_ids to be provided. vulnerability_ids can be a comma-separated list of GHSA or CVE IDs, or "*" for all vulnerabilities.

Response Structure

The response contains a fixDetails object where each key is a vulnerability ID (GHSA or CVE) and the value is a discriminated union based on the type field.

Common Fields

All response variants include:

  • type: Discriminator field (one of: "fixFound", "partialFixFound", "noFixAvailable", "fixNotApplicable", "errorComputingFix")
  • value: Object containing the variant-specific data

The value object always contains:

  • ghsa: string | null - The GHSA ID
  • cve: string | null - The CVE ID (if available)
  • advisoryDetails: object | null - Advisory details (only if include_details=true)

Response Variants

fixFound: A complete fix is available for all vulnerable packages

  • value.fixDetails.fixes: Array of fix objects, each containing:
    • purl: Package URL to upgrade
    • fixedVersion: Version to upgrade to
    • manifestFiles: Array of manifest files containing the package
    • updateType: "patch" | "minor" | "major" | "unknown"
  • value.fixDetails.responsibleDirectDependencies: (optional) Map of direct dependencies responsible for the vulnerability

partialFixFound: Fixes available for some but not all vulnerable packages

  • Same as fixFound, plus:
  • value.fixDetails.unfixablePurls: Array of packages that cannot be fixed, each containing:
    • purl: Package URL
    • manifestFiles: Array of manifest files

noFixAvailable: No fix exists for this vulnerability (no patched version published)

fixNotApplicable: A fix exists but cannot be applied due to version constraints

  • value.vulnerableArtifacts: Array of vulnerable packages with their manifest files

errorComputingFix: An error occurred while computing fixes

  • value.message: Error description

Advisory Details (when include_details=true)

  • title: string | null
  • description: string | null
  • cwes: string[] - CWE identifiers
  • severity: "LOW" | "MODERATE" | "HIGH" | "CRITICAL"
  • cvssVector: string | null
  • publishedAt: string (ISO date)
  • kev: boolean - Whether it's a Known Exploited Vulnerability
  • epss: number | null - Exploit Prediction Scoring System score
  • affectedPurls: Array of affected packages with version ranges
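As an added example (not code from this API's own SDK or documentation), the following Python walks a response in the shape documented above, dispatches on the type discriminator, and buckets each vulnerability's outcome, holding back major upgrades unless allowed and ordering work by KEV status and severity. The sample response, its GHSA IDs and purls are constructed placeholders.

```python
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MODERATE": 2, "LOW": 3}

# Constructed sample in the documented shape; IDs and purls are placeholders, not real advisories.
SAMPLE = {"fixDetails": {
    "GHSA-PLACEHOLDER-A": {"type": "fixFound", "value": {
        "ghsa": "GHSA-PLACEHOLDER-A", "cve": None,
        "advisoryDetails": {"severity": "HIGH", "kev": True},
        "fixDetails": {"fixes": [{"purl": "pkg:npm/example-a@1.2.3", "fixedVersion": "1.2.4",
                                  "manifestFiles": ["package.json"], "updateType": "patch"}]}}},
    "GHSA-PLACEHOLDER-B": {"type": "partialFixFound", "value": {
        "ghsa": "GHSA-PLACEHOLDER-B", "cve": None,
        "advisoryDetails": {"severity": "CRITICAL", "kev": False},
        "fixDetails": {"fixes": [{"purl": "pkg:npm/example-b@2.0.0", "fixedVersion": "3.0.1",
                                  "manifestFiles": ["package.json"], "updateType": "major"}],
                       "unfixablePurls": [{"purl": "pkg:npm/example-c@0.9.0",
                                           "manifestFiles": ["package.json"]}]}}},
    "GHSA-PLACEHOLDER-C": {"type": "noFixAvailable", "value": {
        "ghsa": "GHSA-PLACEHOLDER-C", "cve": None, "advisoryDetails": None}},
    "GHSA-PLACEHOLDER-D": {"type": "errorComputingFix", "value": {
        "ghsa": "GHSA-PLACEHOLDER-D", "cve": None, "advisoryDetails": None,
        "message": "constructed error message"}},
}}

def priority(entry):
    """Sort key: KEV advisories first, then by severity; entries without details last."""
    details = entry["value"].get("advisoryDetails") or {}
    return (not details.get("kev", False), SEVERITY_RANK.get(details.get("severity"), 4))

def triage(response, allow_major=False):
    """Dispatch on the `type` discriminator and bucket each vulnerability's outcome.
    Major upgrades are held back unless allow_major is set, mirroring the query flag."""
    out = {"upgrades": [], "held_major": [], "unfixable": [], "no_fix": [],
           "not_applicable": [], "errors": []}
    for vuln_id, entry in sorted(response["fixDetails"].items(), key=lambda kv: priority(kv[1])):
        kind, value = entry["type"], entry["value"]
        if kind in ("fixFound", "partialFixFound"):
            for fix in value["fixDetails"]["fixes"]:
                bucket = "upgrades" if allow_major or fix["updateType"] != "major" else "held_major"
                out[bucket].append((vuln_id, fix["purl"], fix["fixedVersion"], fix["updateType"]))
            for bad in value["fixDetails"].get("unfixablePurls", []):  # partialFixFound only
                out["unfixable"].append((vuln_id, bad["purl"]))
        elif kind == "noFixAvailable":
            out["no_fix"].append(vuln_id)
        elif kind == "fixNotApplicable":
            out["not_applicable"].append((vuln_id, value["vulnerableArtifacts"]))
        elif kind == "errorComputingFix":
            out["errors"].append((vuln_id, value["message"]))
        else:  # fail closed on an unknown discriminator rather than silently skipping it
            raise ValueError(f"unknown fix type {kind!r} for {vuln_id}")
    return out
```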

This endpoint consumes 10 units of your quota.

This endpoint requires the following org token scopes:

  • fixes:list
Path Params

  • (string, required): The slug of the organization

Query Params

  • repo_slug (string): The slug of the repository to fetch fixes for (e.g. "my-repo" or "my-org/my-repo"). Use the full org/repo path to disambiguate when multiple GitHub orgs share the same repo name. Computes fixes based on the latest scan on the default branch.
  • full_scan_id (string): The ID of the scan to fetch fixes for
  • vulnerability_ids (string, required): Comma-separated list of GHSA or CVE IDs, or "*" for all vulnerabilities
  • (boolean, required, defaults to false): Whether to allow major version updates in fixes
  • (string, defaults to 0d): Minimum release age for fix packages (e.g., "1h", "2d", "1w"). Higher values reduce the risk of installing recently released, untested package versions.
  • include_details (boolean, defaults to false): Whether to include advisory details in the response
  • (boolean, defaults to false): Whether to include in the response the direct dependencies responsible for introducing the vulnerable dependency or dependencies

Responses

application/json