
OSV-Nexus

Interface for retrieving and managing software package vulnerability intelligence, offering comprehensive details on Common Vulnerabilities and Exposures (CVEs), affected software iterations, and resolution patches to bolster defensive postures.

Author

EdenYavin

MIT License

Quick Info

GitHub Stars 2
NPM Weekly Downloads 0
Tools 1
Last Updated 2026-02-19

Tags

osv, vulnerability, apis, vulnerability data, osv mcp, edenyavin osv

Nexus for Open Source Vulnerability (OSV) Data

A streamlined Model Context Protocol (MCP) gateway to interface with the OSV Database API.


Available Operations

Summary

|Operation Name|Purpose|
|---|---|
|lookup_package_advisories|Enumerate all associated CVE identifiers for a given software component. Version specificity can be included for refined results.|
|fetch_vulnerable_ranges|Consult the OSV repository for a specific CVE and list all versions identified as susceptible to the flaw.|
|retrieve_remediation_versions|Query the OSV repository for a known CVE and extract all versions that contain corrective patches.|
|enumerate_supported_contexts|Request the MCP layer for the currently recognized software ecosystems it supports.|

Detailed Functionality

  • lookup_package_advisories
    • Queries the OSV registry and retrieves all CVE records that pertain to a software package.
    • Inputs:
      • package (text, mandatory): The precise name of the software component.
      • version (text, elective): The specific software release number. If omitted, all known versions are checked.
      • ecosystem (text, elective): The environment context of the package. Defaults to 'PyPI' for Python libraries.
    • Output: A collection of CVE identifiers accompanied by their associated metadata.

  • fetch_vulnerable_ranges
    • Queries the OSV dataset for a particular CVE entry and reports all versions affected by it.
    • Inputs:
      • cve (text, mandatory): The standardized CVE identifier (e.g., "CVE-2018-1000805").
    • Output: A sequence of strings representing the affected version numbers.

  • retrieve_remediation_versions
    • Queries the OSV database for a given CVE identifier and extracts the complete set of versions that resolve the security issue.
    • Inputs:
      • cve (text, mandatory): The CVE identifier being investigated (e.g., "CVE-2018-1000805").
    • Output: A sequence of strings denoting the fixed version numbers.

  • enumerate_supported_contexts
    • Fetches the list of all software ecosystems supported by this MCP service instance.
    • Output: A mapping where keys are ecosystem names and values describe the associated language or operating system.
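
The following is an added example, not code from the OSV-Nexus project: it shows how the outputs described for fetch_vulnerable_ranges and retrieve_remediation_versions can be derived from a record in the public OSV schema (`affected[].versions` and `affected[].ranges[].events`). The record, its placeholder id, the function names and the per-ecosystem filter are assumptions made for illustration.

```python
# Constructed OSV-schema record (placeholder id, not a real advisory).
SAMPLE_RECORD = {
    "id": "EXAMPLE-0001",
    "affected": [
        {"package": {"ecosystem": "PyPI", "name": "examplepkg"},
         "versions": ["1.4.0", "1.4.1", "2.0.0", "2.1.0"],
         "ranges": [
             {"type": "ECOSYSTEM",
              "events": [{"introduced": "0"}, {"fixed": "1.4.2"},
                         {"introduced": "2.0.0"}, {"fixed": "2.1.1"}]},
             {"type": "GIT", "repo": "https://example.invalid/repo.git",
              "events": [{"introduced": "0"}, {"fixed": "0123abcd"}]}]},
        {"package": {"ecosystem": "Debian:12", "name": "examplepkg"},
         "versions": ["1.4.1-1"],
         "ranges": [{"type": "ECOSYSTEM",
                     "events": [{"introduced": "0"}]}]},  # no fix published
    ],
}


def _entries(record, ecosystem, package):
    """Yield affected[] entries for one ecosystem (and package, if given)."""
    for entry in record.get("affected", []):
        pkg = entry.get("package", {})
        if pkg.get("ecosystem") == ecosystem and package in (None, pkg.get("name")):
            yield entry


def affected_versions(record, ecosystem="PyPI", package=None):
    """Explicitly listed vulnerable versions, de-duplicated, in record order."""
    found = {}
    for entry in _entries(record, ecosystem, package):
        found.update(dict.fromkeys(entry.get("versions", [])))
    return list(found)


def fixed_versions(record, ecosystem="PyPI", package=None):
    """Versions named by 'fixed' events; GIT ranges hold commit hashes, so skip them."""
    found = {}
    for entry in _entries(record, ecosystem, package):
        for rng in entry.get("ranges", []):
            if rng.get("type") == "GIT":
                continue
            for event in rng.get("events", []):
                if "fixed" in event:
                    found.setdefault(event["fixed"], None)
    return list(found)
```

An empty result from `fixed_versions` means the record lists no fix for that ecosystem, which is worth treating differently from "not affected" when triaging.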

Initial Setup Requirements

  1. Runtime Environment: Requires Python version 3.11 or newer.

     ```bash
     # Verify installed version
     python --version
     ```

  2. Package Manager Utility: Must install 'uv', a rapid utility for Python package installation and dependency resolution.

     ```bash
     pip install uv
     ```

     Alternatively, via Homebrew:

     ```bash
     brew install uv
     ```


Compatibility Validation

  • [X] Cursor IDE
  • [X] Claude AI Platform

Deployment Instructions

  1. Via Smithery Platform:

     ```bash
     npx -y @smithery/cli install @EdenYavin/OSV-MCP --client claude
     ```

  2. Local Installation:

    1. Clone the source repository: https://github.com/EdenYavin/OSV-MCP.git
    2. Configure your MCP Host environment (e.g., Cursor / Claude Desktop):

```json
{
  "mcpServers": {
    "osv-nexus": {
      "command": "uv",
      "args": ["--directory", "path-to/OSV-MCP", "run", "osv-server"],
      "env": {}
    }
  }
}
```


Kindly consider leaving feedback on VibeApp if this utility proves beneficial!
