Labsco
StacklokLabs logo

OSV

β˜… 35

from StacklokLabs

Access the OSV (Open Source Vulnerabilities) database for vulnerability information. Query vulnerabilities by package version or commit, batch query multiple packages, and get detailed vulnerability information by ID.

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeAdvanced setup

OSV MCP Server

Trust Score

An MCP (Model Context Protocol) server that provides access to the OSV (Open Source Vulnerabilities) database.

Overview

This project implements an SSE-based MCP server that allows LLM-powered applications to query the OSV database for vulnerability information. The server provides tools for:

  1. Querying vulnerabilities for a specific package version or commit
  2. Batch querying vulnerabilities for multiple packages or commits
  3. Getting detailed information about a specific vulnerability by ID

Examples

Querying vulnerabilities for a package

{
  "package_name": "lodash",
  "ecosystem": "npm",
  "version": "4.17.15"
}

Querying vulnerabilities for a commit

{
  "commit": "6879efc2c1596d11a6a6ad296f80063b558d5e0f"
}

Batch querying vulnerabilities

{
  "queries": [
    {
      "package_name": "lodash",
      "ecosystem": "npm",
      "version": "4.17.15"
    },
    {
      "package_name": "jinja2",
      "ecosystem": "PyPI",
      "version": "2.4.1"
    }
  ]
}

Getting vulnerability details

{
  "id": "GHSA-vqj2-4v8m-8vrq"
}

Development

Running tests

task test

Linting

task lint

Formatting code

task fmt