OSV

OSV (Open Source Vulnerability) is a vulnerability database for open source projects. For each vulnerability, it perform bisects to figure out the exact commit that introduces the bug, as well the exact commit that fixes it. This is cross referenced against upstream repositories to figure out the affected tags and commit ranges.

Vulnerability Management · OpenSourceVulnerabilities

Configuration parameters

  • url — Server URL (e.g. https://api.osv.dev) (required)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (3)

  • osv-get-vuln-by-id

    Return a `Vulnerability` object for a given OSV ID. All list of vulnerabilities can be found at https://osv.dev/list

  • osv-query-affected-by-commit

    Query vulnerabilities for a particular project at a given commit.

  • osv-query-affected-by-package

    Query vulnerabilities for a particular project based on package name and verion.