# scaVulnerability
Details of a Software Composition Analysis (SCA) vulnerability.
### Examples
```graphql
type SCAVulnerability {
issueId: String
oxSeverity: String
severityNumberFromTool: String
severityFromTool: String
cve: String
cveLink: String
cvsVer: String
cvssVersion: Float
epss: Float
percentile: Float
libName: String
dependencyChain: String
runtimeStatus: String
runtimeContext: RuntimeInfo
libVersion: String
chainDepth: Int
exploitInTheWild: Boolean
exploitInTheWildLink: String
description: String
dateDiscovered: String
minorVerWithFix: String
majorVerWithFix: String
exploitRequirement: String
exploitCode: String
originalSeverity: String
}
```
### Fields
| Field | Description | Supported fields |
| --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- |
| issueId `String` | ID of the related issue | |
| oxSeverity `String` | Severity according to the OX scoring system | |
| severityNumberFromTool `String` | Severity number as reported by the scanning tool | |
| severityFromTool `String` | Severity description as reported by the scanning tool | |
| cve `String` | CVE identifier | |
| cveLink `String` | URL link to detailed CVE information | |
| cvsVer `String` | Version of the CVS standard used | |
| cvssVersion `Float` | Version number of the CVSS standard used | |
| epss `Float` | Exploit Prediction Scoring System (EPSS) score | |
| percentile `Float` | Percentile ranking of the vulnerability | |
| libName `String` | Name of the vulnerable library | |
| dependencyChain `String` | Dependency chain leading to the vulnerable library | |
| runtimeStatus `String` | Runtime status of the library | |
| runtimeContext [`RuntimeInfo`](/api-documentation/api-reference/api--issue/types/objects/runtime-info.md) | Runtime information including status and cloud contexts | runtimeStatus String
cloudContexts \[RuntimeContext]
|
| libVersion `String` | Version of the vulnerable library | |
| chainDepth `Int` | Depth level in the dependency chain | |
| exploitInTheWild `Boolean` | Indicates if an exploit exists in the wild | |
| exploitInTheWildLink `String` | URL to exploit details if available | |
| description `String` | Description of the vulnerability | |
| dateDiscovered `String` | Date when the vulnerability was discovered | |
| minorVerWithFix `String` | Minor version of the library that includes a fix | |
| majorVerWithFix `String` | Major version of the library that includes a fix | |
| exploitRequirement `String` | Requirements for exploiting the vulnerability | |
| exploitCode `String` | Code or technique used for exploit | |
| originalSeverity `String` | Original severity rating of the vulnerability | |
### References
#### Fields with this object:
* [{} SbomLib.vulnerabilities](/api-documentation/api-reference/api--issue/types/objects/sbom-lib.md)
* [{} Issue.scaVulnerabilities](/api-documentation/api-reference/api--issue/types/objects/issue.md)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.ox.security/api-documentation/api-reference/api--issue/types/objects/sca-vulnerability.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.