logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

OSV-MCP

Fetch and manage vulnerability data for software packages, providing detailed information on CVEs, affected versions, and fixes to improve security measures.

Author

OSV-MCP logo

EdenYavin

MIT License

Quick Info

GitHub GitHub Stars 2
NPM Weekly Downloads 0
Tools 1
Last Updated 2026-02-19

Actions

GitHub View on GitHub

Tags

databasesosvdatabasesecure databasedatabases securedatabase access

MCP Server For OSV

A lightweight MCP (Model Context Protocol) server for OSV Database API.

Example:

Tools Provided

Overview

name description
query_package_cve List all the CVE IDs for a specific package. Specific version can be passed as well for more narrow scope CVE IDs.
query_for_cve_affected Query the OSV database for a CVE and return all affected versions of the package.
query_for_cve_fix_versions Query the OSV database for a CVE and return all versions that fix the vulnerability.
get_ecosystems Query the MCP for current supported ecosystems.

Detailed Description

  • query_package_cve
  • Query the OSV database for a package and return the CVE IDs.
  • Input parameters:
    • package (string, required): The package name to query
    • version (string, optional): The version of the package to query. If not specified, queries all versions
    • ecosystem (string, optional): The ecosystem of the package. Defaults to "PyPI" for Python packages

  • Returns a list of CVE IDs with their details

  • query_for_cve_affected

  • Query the OSV database for a CVE and return all affected versions.
  • Input parameters:
    • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")

  • Returns a list of affected version strings

  • query_for_cve_fix_versions

  • Query the OSV database for a CVE and return all versions that fix the vulnerability.
  • Input parameters:
    • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")

  • Returns a list of fixed version strings

  • get_ecosystems

  • Query for all current supported ecosystems by the MCP servers.
  • Return a dict with the key being the ecosystem name and the value the programming language / OS.

Prerequisites

  1. Python 3.11 or higher: This project requires Python 3.11 or newer. bash # Check your Python version python --version

  2. Install uv: A fast Python package installer and resolver. bash pip install uv Or use Homebrew: bash brew install uv

Tested on

  • [X] Cursor
  • [X] Claude

Installation

  1. Via Smithery:
npx -y @smithery/cli install @EdenYavin/OSV-MCP --client claude

  1. Locally:

    1. Clone the repo: https://github.com/EdenYavin/OSV-MCP.git
    2. Configure your MCP Host (Cusrsor / Claude Desktop etc.):
{
  "mcpServers": {
    "osv-mcp": {
      "command": "uv",
      "args": ["--directory", "path-to/OSV-MCP", "run", "osv-server"],
      "env": {}
    }
  }
}

Leave a review on VibeApp if you enjoyed it :)!

See Also

Query
Query PNG Icons
📦
Package Emojis
Man Pages
Mojo::Pg::Database Man Pages
Versions
Versions PNG Icons
Versions
Versions SVG Icons
MCP
Mcp-server-templates Mcp
Return
Return PNG Icons
Man Pages
odbx_rows_affected Man Pages
String
String PNG Icons
← Back to Databases🙏  Credits & Acknowledgments
`