> ## Documentation Index > Fetch the complete documentation index at: https://zeropath.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # List SCA vulnerabilities > Search and paginate SCA package vulnerabilities derived from inventory and metadata. ## OpenAPI ````yaml https://zeropath.com/openapi/v1.yaml post /api/v1/sca/vulnerabilities/search openapi: 3.1.0 info: title: ZeroPath API version: 1.0.0 description: Public API for ZeroPath servers: - url: https://zeropath.com description: Production server x-fern-server-name: Production - url: https://dev.branch.zeropath.com description: Development server x-fern-server-name: Development security: - apiTokenId: [] apiTokenSecret: [] tags: - name: Organizations description: Operations related to organizations - name: Stats description: Operations related to stats - name: Repositories description: Operations related to repositories - name: Installations description: Operations related to installations - name: Issues description: Operations related to issues - name: SCA description: Software Composition Analysis - name: Scans description: Operations related to scans - name: Rules description: Operations related to custom security rules - name: Referrals description: Operations related to referrals paths: /api/v1/sca/vulnerabilities/search: post: tags: - SCA summary: List SCA vulnerabilities description: >- Search and paginate SCA package vulnerabilities derived from inventory and metadata. requestBody: content: application/json: schema: $ref: '#/components/schemas/ListScaVulnerabilitiesInput' responses: '200': description: Successful response content: application/json: schema: $ref: '#/components/schemas/ScaVulnerabilityListResponse' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' components: schemas: ListScaVulnerabilitiesInput: type: object properties: organizationId: type: string repositoryIds: type: array items: type: string page: type: integer minimum: 1 default: 1 pageSize: type: integer minimum: 1 default: 50 searchQuery: type: string ecosystems: type: array items: type: string groupBy: type: string enum: - none - cve - cve_manifest default: none description: Group vulnerabilities by CVE or by CVE+manifest advisoryQuery: type: string description: Filter by advisory identifier or alias (CVE, GHSA, etc.) dependencyNames: type: array items: type: string description: Filter by dependency/package names (contains match) transitivity: type: string enum: - direct - transitive description: >- Filter by direct vs transitive dependencies. When omitted, returns both direct and transitive. reachability: type: array items: type: string enum: - reachable - needs_review - unreachable description: >- Filter by exploitability status. When omitted, defaults to all three: reachable, needs_review, and unreachable. ScaVulnerabilityListResponse: type: object properties: vulnerabilities: type: array items: $ref: '#/components/schemas/ScaVulnerability' totalCount: type: integer page: type: integer pageSize: type: integer ScaVulnerability: type: object properties: id: type: string package: type: object properties: id: type: string name: type: string version: type: - string - 'null' ecosystem: type: string manifestPath: type: - string - 'null' manifestStartLine: type: - integer - 'null' manifestEndLine: type: - integer - 'null' manifestStartColumn: type: - integer - 'null' manifestEndColumn: type: - integer - 'null' metadata: type: object properties: id: type: string packageIdentifier: type: string aliases: type: array items: type: string references: type: array items: type: string summary: type: string description: type: string severityScore: type: - number - 'null' severity: type: - string - 'null' enum: - critical - high - medium - low - info - null repositoryId: type: string branch: type: string commitSha: type: string codeScanVulnerabilityId: type: - string - 'null' description: ID of the related CodeScanVulnerability issue count: type: integer description: Number of occurrences in this group items: type: array description: Representative items in this group items: $ref: '#/components/schemas/ScaVulnerability' required: - id - package - metadata - repositoryId - branch - commitSha responses: BadRequest: description: Bad Request content: application/json: schema: type: object properties: error: type: string Unauthorized: description: Unauthorized content: application/json: schema: type: object properties: error: type: string securitySchemes: apiTokenId: type: apiKey in: header name: X-ZeroPath-API-Token-Id x-fern-header: name: apiTokenId env: ZEROPATH_API_TOKEN_ID apiTokenSecret: type: apiKey in: header name: X-ZeroPath-API-Token-Secret x-fern-header: name: apiTokenSecret env: ZEROPATH_API_TOKEN_SECRET ````