Build Vulnerability Diff


Description: Compares the vulnerabilities found in two build versions and reports the differences between them.

Since: 3.121

Security: Requires the "Read" role to be set on the User or Group level.

Usage: POST xray/api/v1/diff/build

Sample Request (`group_by` is optional and may be omitted)

{
    "source_component_id": "comp_id",
    "target_component_id": "comp_id",
    "group_by": "package_id"
}

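Sample Response

Note: in this sample the only finding is listed under `unchanged`, meaning it is present in both builds. Its `applicability_detail.result` is `not_scanned`, which reads as "no applicability result available" rather than "not applicable", so the High-severity issue should still be treated as open.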

{
    "data":
    {
        "all":
        {
            "component_details":
            {
                "component_name": "",
                "new_component_version": "",
                "old_component_version": ""
            },
            "new_component_security_count": null,
            "added": [],
            "modified": [],
            "unchanged":
            [
                {
                    "issue":
                    {
                        "applicability_detail":
                        {
                            "component_id": "comp_id",
                            "result": "not_scanned",
                            "source_comp_id": "",
                            "vulnerability_id": "CVE-2025-27152"
                        },
                        "component": "axios",
                        "component_versions":
                        {
                            "fixed_versions":
                            [
                                "0.30.0",
                                "1.8.2"
                            ],
                            "id": "axios",
                            "more_details":
                            {
                                "cves":
                                [
                                    {
                                        "cve": "CVE-2025-27152",
                                        "cwe":
                                        [
                                            "CWE-918"
                                        ],
                                        "cwe_details":
                                        {
                                            "CWE-918":
                                            {
                                                "categories":
                                                [
                                                    {
                                                        "category": "2023 CWE Top 25",
                                                        "rank": "19"
                                                    }
                                                ],
                                                "description": ""
                                            }
                                        }
                                    }
                                ],
                                "description": "",
                                "provider": "JFrog"
                            },
                            "vulnerable_versions": []
                        },
                        "id": "XRAY-676442",
                        "is_high_profile": false,
                        "issue_type": "security",
                        "pkg_type": "npm",
                        "provider": "JFrog",
                        "severity": "High",
                        "source_comp_id": "npm://axios:0.26.1",
                        "source_id": "npm://axios",
                        "vulnerability_id": "CVE-2025-27152"
                    }
                }
            ],
            "removed": []
        }
    }
}