gets all vulns from workspace, regardless of their type (regular/web).
