Code Review In Seconds

Self-Hosted AI Code Reviewer

LiveReview
LiveReview
AI-Powered Code Review

Osv Mcp

Fetch and manage vulnerability data for software packages, providing detailed information on CVEs, affected versions, and fixes to improve security measures.

Author

Osv Mcp logo

EdenYavin

MIT License

Quick Info

GitHub GitHub Stars 2
NPM Weekly Downloads 0
Tools 1
Last Updated 23/4/2025

Actions

GitHub View on GitHub

Tags

osv vulnerability apis vulnerability data osv mcp edenyavin osv

MCP Server For OSV

A lightweight MCP (Model Context Protocol) server for OSV Database API.

Example:

demo

Tools Provided

Overview

name description
query_package_cve List all the CVE IDs for a specific package. Specific version can be passed as well for more narrow scope CVE IDs.
query_for_cve_affected Query the OSV database for a CVE and return all affected versions of the package.
query_for_cve_fix_versions Query the OSV database for a CVE and return all versions that fix the vulnerability.
get_ecosystems Query the MCP for current supported ecosystems.

Detailed Description

  • query_package_cve

    • Query the OSV database for a package and return the CVE IDs.
    • Input parameters:
      • package (string, required): The package name to query
      • version (string, optional): The version of the package to query. If not specified, queries all versions
      • ecosystem (string, optional): The ecosystem of the package. Defaults to "PyPI" for Python packages
    • Returns a list of CVE IDs with their details

  • query_for_cve_affected

    • Query the OSV database for a CVE and return all affected versions.
    • Input parameters:
      • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
    • Returns a list of affected version strings

  • query_for_cve_fix_versions

    • Query the OSV database for a CVE and return all versions that fix the vulnerability.
    • Input parameters:
      • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
    • Returns a list of fixed version strings

  • get_ecosystems

    • Query for all current supported ecosystems by the MCP servers.
    • Return a dict with the key being the ecosystem name and the value the programming language / OS.

Prerequisites

  1. Python 3.11 or higher: This project requires Python 3.11 or newer.

    # Check your Python version
python --version

  2. Install uv: A fast Python package installer and resolver.

    pip install uv

    Or use Homebrew:

    brew install uv

Tested on

  • Cursor
  • Claude

Installation

  1. Via Smithery:
npx -y @smithery/cli install @EdenYavin/OSV-MCP --client claude

  1. Locally:

    1. Clone the repo: https://github.com/EdenYavin/OSV-MCP.git
    2. Configure your MCP Host (Cusrsor / Claude Desktop etc.):
{
  "mcpServers": {
    "osv-mcp": {
      "command": "uv",
      "args": ["--directory", "path-to/OSV-MCP", "run", "osv-server"],
      "env": {}
    }
  }
}

Leave a review on VibeApp if you enjoyed it :)!

← Back to APIs and HTTP Requests 🙏  Credits & Acknowledgments