Labsco
EdenYavin logo

OSV Database

โ˜… 2

from EdenYavin

An MCP server for querying the OSV (Open Source Vulnerability) database API.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeAdvanced setup

MCP Server For OSV

A lightweight MCP (Model Context Protocol) server for OSV Database API.

Example:

demo


Tools Provided

Overview

namedescription
query_package_cveList all the CVE IDs for a specific package. Specific version can be passed as well for more narrow scope CVE IDs.
query_for_cve_affectedQuery the OSV database for a CVE and return all affected versions of the package.
query_for_cve_fix_versionsQuery the OSV database for a CVE and return all versions that fix the vulnerability.
get_ecosystemsQuery the MCP for current supported ecosystems.

Detailed Description

  • query_package_cve

    • Query the OSV database for a package and return the CVE IDs.
    • Input parameters:
      • package (string, required): The package name to query
      • version (string, optional): The version of the package to query. If not specified, queries all versions
      • ecosystem (string, optional): The ecosystem of the package. Defaults to "PyPI" for Python packages
    • Returns a list of CVE IDs with their details
  • query_for_cve_affected

    • Query the OSV database for a CVE and return all affected versions.
    • Input parameters:
      • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
    • Returns a list of affected version strings
  • query_for_cve_fix_versions

    • Query the OSV database for a CVE and return all versions that fix the vulnerability.
    • Input parameters:
      • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
    • Returns a list of fixed version strings
  • get_ecosystems

    • Query for all current supported ecosystems by the MCP servers.
    • Return a dict with the key being the ecosystem name and the value the programming language / OS.

Tested on

  • Cursor
  • Claude