diff --git a/app/controllers/Statistics.scala b/app/controllers/Statistics.scala
index b03c282..7ab18c6 100644
--- a/app/controllers/Statistics.scala
+++ b/app/controllers/Statistics.scala
@@ -12,6 +12,7 @@ import models.LibraryTag
 import modules.TemplateCustomization
 import org.joda.time.DateTime
 import play.api.i18n.MessagesApi
+import play.api.libs.json.Json.JsValueWrapper
 import play.api.libs.json._
 import play.twirl.api.Txt
 import services._
@@ -91,7 +92,6 @@ object Statistics{
   //implicit val groupedDependencyFormats = Json.format[GroupedDependency]
   implicit val groupedVulnerableDependencyDetailedIdentifierWrites = Json.writes[GroupedVulnerableDependencyDetailedIdentifier]
   implicit val canonizedGroupedVulnerableDependencyDetailedIdentifierWrites = Json.writes[CanonizedGroupedVulnerableDependencyDetailedIdentifier]
-
 }
 
 //noinspection TypeAnnotation
@@ -373,6 +373,18 @@ class Statistics @Inject()(
     }
   }
 
+  def libraryVulnerabilities(depId: com.ysoft.odc.Hashes) = ApiAction(ScanResults).async { implicit req =>
+    val (lastRefreshTime, resultsFuture) = projectReportsProvider.resultsForVersions(versions)
+    resultsFuture flatMap { allResults =>
+      select(allResults, None).fold(Future.successful(NotFound(Json.obj("error"->"not found")))) { selection =>
+        Future.successful(selection.result.groupedDependenciesByHashes.get(depId) match {
+          case None => NotFound(Json.obj("error"->"not found"))
+          case Some(dep) => Ok(Json.arr(dep.vulnerabilities.map(_.name).toIndexedSeq.sorted.map(x => x : JsValueWrapper) : _*))
+        })
+      }
+    }
+  }
+
   def affectedProjects(depId: Hashes) = ReadAction.async { implicit req =>
     val (lastRefreshTime, resultsFuture) = projectReportsProvider.resultsForVersions(versions)
     resultsFuture flatMap { case (successfulResults, failedResults) =>
diff --git a/conf/routes b/conf/routes
index 3beb8dd..1d6f56b 100644
--- a/conf/routes
+++ b/conf/routes
@@ -8,6 +8,7 @@ GET         /api/table                        controllers.Statistics.table()
 GET         /api/all-dependencies.json        controllers.Statistics.allDependencies(selector: Option[String])
 GET         /api/all-dependencies-verbose.json controllers.Statistics.allDependenciesVerbose(selector: Option[String])
 POST        /api/compare-scan                 controllers.Statistics.compareScan()
+GET         /api/library/:depId/vulnerabilities  controllers.Statistics.libraryVulnerabilities(depId: com.ysoft.odc.Hashes)
 GET         /status                           controllers.Application.index(versions: Map[String, Int] = Map())
 GET         /versions                         controllers.Application.index(versions: Map[String, Int])
 GET         /dependencies                     controllers.Application.dependencies(classified: Option[Boolean] = None,        requiredTags: Seq[Int] ?= Seq(), noTag: Boolean ?= false)