Exports vulnerabilities.

Usage notes

You can call the ExportVul operation to export the following types of vulnerabilities: Linux software vulnerabilities, Windows system vulnerabilities, Web-CMS vulnerabilities, application vulnerabilities, and urgent vulnerabilities.

You can use this operation together with the DescribeVulExportInfo operation. After you call the ExportVul operation to create a vulnerability export task, you can call the DescribeVulExportInfo operation to query the progress of the task by using the ID of the task.


You can call this operation up to 10 times per second per account. If the number of calls per second exceeds this limit, throttling is triggered, which may affect your business. We recommend that you take note of the limit when you call this operation.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ExportVul

The operation that you want to perform. Set the value to ExportVul.

Lang String No zh

The language of the content within the request and response. Default value: zh. Valid values:

  • zh: Chinese
  • en: English

Type String No app

The type of the vulnerabilities that you want to export. Valid values:

  • cve: Linux software vulnerabilities
  • sys: Windows system vulnerabilities
  • cms: Web-CMS vulnerabilities
  • app: application vulnerabilities
  • emg: urgent vulnerabilities

Uuids String No 1587bedb-fdb4-48c4-9330-****

The UUID of the server on which the vulnerabilities are detected. Separate multiple UUIDs with commas (,).

AliasName String No Privilege escalation vulnerability in OpenSSH (CVE-2021-41617)

The name of the vulnerability.

Necessity String No asap

The priority to fix the vulnerability. Separate multiple priorities with commas (,). Valid values:

  • asap: high
  • later: medium
  • nntf: low

Dealed String No n

Specifies whether the vulnerabilities are fixed. Valid values:

  • y: yes
  • n: no

GroupId String No 8834224

The server group ID of the server on which the vulnerabilities are detected. You can call the DescribeAllGroups operation to query the IDs of server groups.

SearchTags String No VPC

The commonly used search condition for the vulnerabilities. Valid values:

  • Scan methods
  • Server groups
  • VPC

AttachTypes String No sca

The additional type of vulnerabilities. You can specify this parameter when you query application vulnerabilities. If Type is set to app, you must specify this parameter. Set the value to sca.

Note: If this parameter is set to sca, application vulnerabilities and the vulnerabilities that are detected based on software component analysis are queried. If you do not specify this parameter, only application vulnerabilities are queried.

VpcInstanceIds String No ins-133****,ins-5414****

The virtual private cloud (VPC) ID of the server on which the vulnerabilities are detected. Separate multiple IDs with commas (,). You can call the DescribeVpcList operation to query the IDs of VPCs.

Response parameters

Parameter Type Example Description
RequestId String E1FAB2B8-DF4D-55DF-BC3D-5C3CA6FD5B13

The ID of the request, which is used to locate and troubleshoot issues.

FileName String app_20211101

The name of the exported file.

Id Long 81634

The ID of the exported file.
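
The following Python code is an added example, not code from this page or from the service's SDK. It checks export filters against the valid values in the request-parameter table above, including the rule that Type=app requires AttachTypes=sca, and then runs the create-then-poll flow from the usage notes. The create, describe and is_finished callables are hypothetical and supplied by the caller, because this page does not list the response fields of DescribeVulExportInfo.

```python
import time

# Valid values copied from the request-parameter table on this page.
ALLOWED = {
    "Lang": {"zh", "en"},
    "Type": {"cve", "sys", "cms", "app", "emg"},
    "Necessity": {"asap", "later", "nntf"},
    "Dealed": {"y", "n"},
    "SearchTags": {"Scan methods", "Server groups", "VPC"},
    "AttachTypes": {"sca"},
}
FREE_FORM = {"Uuids", "AliasName", "GroupId", "VpcInstanceIds"}
COMMA_LISTS = {"Uuids", "Necessity", "VpcInstanceIds"}  # documented as comma-separated


def build_export_vul_params(**filters):
    """Return ExportVul request parameters; reject undocumented names and values."""
    params = {"Action": "ExportVul"}
    for name, value in filters.items():
        if name not in ALLOWED and name not in FREE_FORM:
            raise ValueError(f"unknown parameter: {name}")
        if isinstance(value, (list, tuple)):
            items = [str(v) for v in value]
        else:
            items = str(value).split(",") if name in COMMA_LISTS else [str(value)]
        if len(items) > 1 and name not in COMMA_LISTS:
            raise ValueError(f"{name} takes a single value")
        bad = set(items) - ALLOWED.get(name, set(items))
        if bad:
            raise ValueError(f"{name}: invalid value(s) {sorted(bad)}")
        params[name] = ",".join(items)
    if params.get("Type") == "app" and params.get("AttachTypes") != "sca":
        raise ValueError("Type=app requires AttachTypes=sca")
    return params


# create, describe and is_finished are hypothetical caller-supplied callables.
def export_and_wait(create, describe, params, is_finished, interval=2.0,
                    timeout=600.0, sleep=time.sleep, clock=time.monotonic):
    """Create the export task, then poll it by task ID until is_finished(info)."""
    task = create(params)            # ExportVul response: RequestId, FileName, Id
    deadline = clock() + timeout
    while True:
        info = describe(task["Id"])  # DescribeVulExportInfo, keyed by the task ID
        if is_finished(info):
            return task, info
        if clock() >= deadline:
            raise TimeoutError(f"export task {task['Id']} still running after {timeout}s")
        sleep(interval)
```

Rejecting a mistyped filter before the call matters here because the export is the record a remediation team works from, and a filter that is wrong should fail loudly rather than produce a file that looks complete.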


Sample requests

http(s)://[Endpoint]/?Action=ExportVul
&AliasName=Privilege escalation vulnerability in OpenSSH (CVE-2021-41617)
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK


JSON format

HTTP/1.1 200 OK

{
  "RequestId" : "E1FAB2B8-DF4D-55DF-BC3D-5C3CA6FD5B13",
  "FileName" : "app_20211101",
  "Id" : 81634
}

Error codes

For a list of error codes, visit the API Error Center.