Export vulnerabilities

post

https://cloud.tenable.com/vulns/export

Exports vulnerabilities that match the request criteria.

Users need at least the Basic [16] user permission or the VM.VM_EXPLORE.VM_EXPLORE.EXPORT custom role privilege. Additionally, requires the Can View access control permission for the asset objects to be exported. The Can View access control permission can be set for all assets with the All Assets object. Administrator [64] users can export without the explicit Can View access control permission.

For more information about this endpoint, see guidelines and limitations described in Retrieve Vulnerability Data from Vulnerability Management. For request examples, see Refine Vulnerability Export Requests.

Caution: The vpr_v2_score filter parameter is scheduled for deprecation on July 1, 2026 as part of the transition to VPR v2. To ensure continued functionality, update all integrations to use the vpr_score filter parameter. On the deprecation date, the system will update vpr_score to support the new VPR model. For more information, see Vulnerability Priority Rating: Transition to VPR Version 2.

Note: There are limits for concurrent export requests. For more information, see Concurrency Limiting and Rate Limiting.

Requires the Basic [16] user role or the VM.VM_EXPLORE.VM_EXPLORE.EXPORT custom role privilege. Additionally, requires the Can View access control permission for the asset objects to be exported. Administrator [64] users can export without the explicit Can View access control permission. See Roles and Permissions.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Body Params

num_assets

int32

50 to 5000

Defaults to 50

Specifies the number of assets used to chunk the vulnerabilities. The vulnerabilities export is split up by number of asset IDs in a chunk. The exported data of a chunk is the sum of all the vulnerabilities for each asset in that chunk. The range for number of assets in a chunk is a minimum of 50 (the default size) to a maximum of 5,000. If you specify a value outside this range, the system uses the upper or lower-bound value.

include_unlicensed

boolean

Defaults to false

Specifies whether or not to include unlicensed assets. The default is false when no parameter is specified.

include_software_vulns

boolean

Defaults to false

Specifies whether to include software package attribution data in the export output. If set to true, the system populates each vulnerability record with a software_vulns array containing details such as the package identifier, version, vendor, available fixes, and confidence classification. If omitted, the system uses the default value of false and excludes this data.

filters

object

Specifies filters to apply to the vulnerabilities export.

Note: By default, vulnerability exports will only include accepted and non-accepted vulnerabilities found or fixed within the last 30 days if no time-based filters are submitted with the request.

Headers

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

400

Returned if your request specified invalid parameters or if your request was improperly formatted.

403

Returned if you do not have permission to export vulnerabilities.

200Returned if Tenable Vulnerability Management successfully queued a vulnerability export request.

409Returned if your request was a duplicate of an ongoing export that was already submitted. Tenable Vulnerability Management prevents duplicate exports from running concurrently. For example, export requests with the same filters.

429Returned if you attempt to send too many requests in a specific period of time. For more information, see Rate Limiting and Concurrency Limiting.