All Products
Search
Document Center

Security Center:DescribeGroupedVul

Last Updated:Jun 16, 2026

Queries vulnerability information by group.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-sas:DescribeGroupedVul

get

*All Resource

*

  • acs:ResourceGroupId
None

Request parameters

Parameter

Type

Required

Description

Example

Lang

string

No

The language type of the request and response. Default value: zh. Valid values:

  • zh: Chinese

  • en: English.

zh

Type

string

No

The type of the vulnerability to query. Default value: cve. Valid values:

  • cve: Linux software vulnerability

  • sys: Windows system vulnerability

  • cms: Web-CMS vulnerability

  • app: application vulnerability (network scan)

  • sca: application vulnerability (software constituency parsing).

cve

Uuids

string

No

The UUIDs of the servers to query. Separate multiple UUIDs with commas (,).

d42f938c-d962-48a0-90f9-05e4ea****

AliasName

string

No

The alias of the vulnerability to query.

RHSA-2019:0230-Important: polkit security update

Necessity

string

No

The priority of the vulnerability fix to query. Separate multiple priorities with commas (,). Valid values:

  • asap: high

  • later: medium

  • nntf: low.

asap,later,nntf

Dealed

string

No

Specifies whether the vulnerability is handled. Valid values:

  • y: handled

  • n: not handled.

n

CurrentPage

integer

No

The page number of the first page to display in the query results. Default value: 1, which indicates that the results start from page 1.

1

PageSize

integer

No

The number of vulnerability entries per page in a paged query. Default value: 10, which indicates that 10 vulnerability entries are displayed per page.

20

GroupId

string

No

The ID of the asset group.

235454

CveId

string

No

The CVE ID.

Note

Call the DescribeVulListPage operation to obtain this parameter.

CVE-2017-15420

ContainerFieldName

string

No

The container search field. Valid values:

  • instanceId: instance ID

  • appName: application name

  • clusterId: cluster ID

  • regionId: region

  • nodeName: node name

  • namespace: namespace

  • clusterName: cluster name

  • image: image name

  • imageRepoName: image repository name

  • imageRepoNamespace: image repository namespace

  • imageRepoTag: image tag

  • imageDigest: image digest.

appName

ContainerFieldValue

string

No

The value that corresponds to ContainerFieldName.

cc914b0df156d40148412afe4a581****

TargetType

string

No

The container query type. Valid values:

  • containerId: container ID

  • uuid: asset ID.

containerId

ClusterId

string

No

The cluster ID.

c88fb10da1168494091db6aafc5dd****

SearchTags

string

No

The label used for filtering. Valid values:

  • Restart required

  • Remote utilization

  • EXP exists

  • Available

  • Privilege escalation

  • Code execution

Code Execution

AttachTypes

string

No

The vulnerability type. This query condition is valid only for application vulnerabilities. Separate multiple values with commas (,). Valid values:

  • sca: software constituency parsing vulnerability

  • app: application vulnerability.

sca

AssetType

string

No

The Asset Type where the vulnerability is detected. Separate multiple types with commas (,). Valid values:

  • ECS: host asset

  • CONTAINER: container asset.

ECS,CONTAINER

ResourceDirectoryAccountId

integer

No

The ID of the Alibaba Cloud account that is added as one of the member accounts in a resource folder.

Note

Invoke the DescribeMonitorAccounts operation to obtain this parameter.

127608589417****

RaspDefend

integer

No

Specifies whether Runtime Application Self-Protection (RASP) supports real-time protection against the vulnerability. Valid values:

  • 0: Not supported.

  • 1: Supported.

1

Response elements

Element

Type

Description

Example

object

The response for querying vulnerability information by group.

CurrentPage

integer

The page number of the current page in a paged query.

1

RequestId

string

The request ID, which is a unique identifier generated by Alibaba Cloud for the request. You can use this ID to troubleshoot issues.

9BFA6D78-07EA-5C0A-9358-E4434573507B

PageSize

integer

The number of vulnerability entries per page in a paged query. Default value: 10, which indicates that 10 vulnerability entries are displayed per page.

20

TotalCount

integer

The total number of query results.

1

GroupedVulItems

array<object>

The vulnerability information returned by the query.

object

Type

string

The type of the vulnerability. Valid values:

  • cve: Linux software vulnerability

  • sys: Windows system vulnerability

  • cms: Web-CMS vulnerability

  • app: application vulnerability

  • emg: emergency vulnerability

  • sca: software constituency parsing.

cve

NntfCount

integer

The number of vulnerabilities with a fix priority of low.

59

RaspDefend

integer

Indicates whether RASP real-time protection is supported. Valid values:

  • 0: Not supported.

  • 1: Supported.

Note

If this property is not present, RASP real-time protection is not supported.

1

HandledCount

integer

The number of handled vulnerabilities.

0

GmtFirst

integer

The timestamp when the vulnerability was first detected, in milliseconds.

1639371046000

GmtLast

integer

The timestamp when the vulnerability was last detected, in milliseconds.

1639371446000

Tags

string

The vulnerability label. Valid values:

  • Restart required

  • Remote utilization

  • EXP exists

  • Available

  • Privilege escalation

  • Code execution

Code Execution

LaterCount

integer

The number of vulnerabilities with a fix priority of medium.

0

AliasName

string

The alias of the vulnerability.

RHSA-2017:0184-Important: mysql security update

Name

string

The name of the vulnerability.

oval:com.redhat.rhsa:def:20170184

TotalFixCount

integer

The total number of fixed vulnerabilities.

0

AsapCount

integer

The number of vulnerabilities with a fix priority of high.

0

Related

string

The list of CVEs associated with the vulnerability.

CVE-2023-24881,CVE-2023-24898

LanguageType

string

The language type associated with the vulnerability. Valid values:

  • java

  • php

Note

This parameter applies only to sca vulnerabilities.

java

Examples

Success response

JSON format

{
  "CurrentPage": 1,
  "RequestId": "9BFA6D78-07EA-5C0A-9358-E4434573507B",
  "PageSize": 20,
  "TotalCount": 1,
  "GroupedVulItems": [
    {
      "Type": "cve",
      "NntfCount": 59,
      "RaspDefend": 1,
      "HandledCount": 0,
      "GmtFirst": 1639371046000,
      "GmtLast": 1639371446000,
      "Tags": "Code Execution",
      "LaterCount": 0,
      "AliasName": "RHSA-2017:0184-Important: mysql security update",
      "Name": "oval:com.redhat.rhsa:def:20170184",
      "TotalFixCount": 0,
      "AsapCount": 0,
      "Related": "CVE-2023-24881,CVE-2023-24898",
      "LanguageType": "java"
    }
  ]
}

Error codes

HTTP status code

Error code

Error message

Description

400 NoPermission no permission
400 RdCheckNoPermission Resource directory account verification has no permission.
500 ServerError ServerError
500 RdCheckInnerError Resource directory account service internal error.
403 NoPermission caller has no permission

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.