osv-advisory-mcp-server
Server Details
Query OSV.dev for package vulnerabilities and batch-audit dependency lists via MCP.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.7/5 across 4 of 4 tools scored.
Each tool has a clearly distinct purpose: fetching full advisory records by ID, listing supported ecosystems, querying multiple packages, and querying a single package. There is no overlap or ambiguity.
All tools follow a consistent `osv_verb_noun` pattern in snake_case. Prefix is uniform, verbs ('get', 'list', 'query') are appropriate, and nouns are specific.
With 4 tools, the server is well-scoped for vulnerability querying. Each tool serves a necessary function without bloat or insufficiency.
The tool set covers the core workflow: querying vulnerabilities (single and batch), retrieving full details, and discovering supported ecosystems. No obvious gaps for typical dependency audit and SBOM scanning tasks.
Available Tools
4 toolsosv_get_vulnerabilityOsv Get VulnerabilityARead-onlyIdempotentInspect
Fetch the full advisory record for an OSV vulnerability ID. Returns the complete record: summary, full details text, CVE aliases, all affected packages and version ranges, fix versions, CVSS severity vectors, CWE weakness IDs, and references. Use when osv_query or osv_query_batch returns a vuln ID and you need the full advisory context — eligibility criteria, scope of affected packages, or remediation guidance.
| Name | Required | Description | Default |
|---|---|---|---|
| id | Yes | OSV vulnerability ID. Accepts any prefix: "GHSA-" (GitHub), "PYSEC-" (Python), "RUSTSEC-" (Rust), "GO-" (Go), "DSA-"/"DLA-" (Debian), "CVE-" (fallback direct lookups). Example: "GHSA-29mw-wpgm-hmr9". |
Output Schema
| Name | Required | Description |
|---|---|---|
| id | Yes | OSV vulnerability ID. |
| cweIds | Yes | CWE weakness classifications (e.g. ["CWE-79"]). Present on GitHub Advisory Database records; empty otherwise. |
| aliases | Yes | Alternative IDs — usually CVE IDs. Accepted by nvd_get_cve on nist-nvd-mcp-server for CVSS base score, EPSS exploitation probability, and CISA KEV status. |
| details | Yes | Full advisory text, typically in Markdown. May include proof-of-concept, reproduction steps, or remediation guidance. |
| summary | Yes | One-line advisory description. |
| affected | Yes | All affected packages and their version ranges. An advisory may span multiple packages or ecosystems. |
| modified | Yes | ISO 8601 timestamp of last modification. |
| severity | Yes | CVSS severity entries. Empty for unscored advisories. |
| published | Yes | ISO 8601 timestamp when published. |
| references | Yes | Advisory references — NVD links, patches, vendor advisories, PoC reports. |
| schemaVersion | Yes | OSV schema version this record conforms to (e.g. "1.7.3"). |
| severityLabel | Yes | Human-readable severity label ("LOW", "MODERATE", "HIGH", "CRITICAL"). Present on GHSA-sourced records; null when not available. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint and idempotentHint, so the description only adds context about acceptable ID prefixes. It does not disclose any additional behavioral traits like rate limits, but given annotation coverage, this is sufficient.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, no wasted words. The first sentence states purpose and contents; the second provides context. Information is front-loaded.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the presence of an output schema, the description need not explain return values. It covers purpose, usage, parameter details, and context, making it fully actionable for an agent.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, yet the description adds significant value by listing accepted ID prefixes (GHSA-, PYSEC-, etc.) and providing an example. This goes beyond the schema description.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool fetches the full advisory record for an OSV vulnerability ID, specifying the action and resource. It also distinguishes from sibling tools by referencing osv_query and osv_query_batch.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly states when to use: 'Use when osv_query or osv_query_batch returns a vuln ID and you need the full advisory context.' This guidelines direct the agent from related tools.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
osv_list_ecosystemsOsv List EcosystemsARead-onlyIdempotentInspect
Return the list of supported ecosystem identifier strings for use with osv_query and osv_query_batch. Ecosystem strings are case-sensitive exact matches — passing "pypi" instead of "PyPI" returns an error from the API. Use this tool to discover valid ecosystem strings before querying, or to verify an ecosystem identifier from a lockfile format. The list is static (maintained from the OSV schema spec) and may occasionally lag newly added ecosystems.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Output Schema
| Name | Required | Description |
|---|---|---|
| note | Yes | Advisory note about list currency and canonical source. |
| ecosystems | Yes | Supported ecosystem identifier strings. These are case-sensitive exact matches required by the ecosystem parameter of osv_query and osv_query_batch. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnlyHint and idempotentHint. Description adds valuable context about case-sensitivity leading to errors, static nature of the list, and potential lag. No contradiction with annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two well-structured sentences that are front-loaded with the core purpose. Every sentence adds value without redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given zero parameters, an output schema exists, and annotations cover safety, the description provides sufficient context for usage, behavior, and constraints. No gaps.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
No parameters exist in the schema, so baseline is 4. The description adds no parameter information because none are needed; schema coverage is 100%.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states it returns a list of supported ecosystem identifier strings for use with osv_query and osv_query_batch. It distinguishes itself from siblings by explaining its role as a discovery tool for valid ecosystem strings.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly states when to use: before querying to discover valid ecosystems or to verify identifiers. Notes that ecosystem strings are case-sensitive and may lag, and mentions sibling tools osv_query and osv_query_batch.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
osv_query_batchOsv Query BatchARead-onlyIdempotentInspect
Query vulnerabilities for multiple packages in one call — the primary tool for dependency audits, SBOM scanning, and lockfile triage. Pass an array of {name, ecosystem, version} tuples (up to 1000). Each entry in the response corresponds positionally to the input. Each finding includes CVE aliases for chaining to nist-nvd-mcp-server for CVSS scoring. Invalid ecosystem strings are rejected before querying — call osv_list_ecosystems to validate.
| Name | Required | Description | Default |
|---|---|---|---|
| packages | Yes | Packages to audit. One entry per dependency. Positional: result[i] corresponds to packages[i]. |
Output Schema
| Name | Required | Description |
|---|---|---|
| results | Yes | Per-package results, positionally matching the input array. |
| summary | Yes | Aggregate statistics across the full batch. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnly and idempotent hints. The description adds behavioral details: pre-validation of ecosystems (rejection before querying), positional response mapping, and inclusion of CVE aliases for chaining. No contradictions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Five sentences, front-loaded with purpose, no redundant words. Every sentence adds unique value: purpose, input format, positional mapping, chaining tip, and error handling. Highly concise.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the complexity (batch query, array input, error handling) and the presence of output schema, the description covers use cases, input format, limits, positional mapping, error handling guidance, and mentions output includes CVE aliases. No gaps.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with descriptions for each parameter. The description reinforces the array structure, adds constraints (max 1000), and explains positional correspondence. It also hints at output content (CVE aliases) which adds value beyond schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool queries vulnerabilities for multiple packages in one call, explicitly naming use cases (dependency audits, SBOM scanning, lockfile triage) and distinguishing it from siblings like osv_query_package (single package) and osv_list_ecosystems (ecosystem validation).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description specifies when to use this tool (primary for audits, scanning, triage) and provides practical guidance: pass tuples up to 1000, positional response, and validate ecosystems via osv_list_ecosystems. It lacks explicit contrast with siblings but implies alternatives for single queries.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
osv_query_packageOsv Query PackageARead-onlyIdempotentInspect
Query known vulnerabilities for a single package version across any supported ecosystem. Returns all matching OSV advisories with severity (CVSS vectors), CVE aliases, affected version ranges, and first safe version. Use osv_list_ecosystems to validate the ecosystem string before querying — ecosystem strings are case-sensitive exact matches and an invalid value returns an error, not empty results.
| Name | Required | Description | Default |
|---|---|---|---|
| name | Yes | Package name as it appears in the ecosystem (e.g. "express", "requests", "serde"). Case-sensitive. | |
| version | Yes | Package version to check (e.g. "4.17.1", "3.1.4", "1.0.0"). Must be an exact version string, not a range. | |
| ecosystem | Yes | Ecosystem identifier. Must be an exact match (case-sensitive). Use osv_list_ecosystems to see valid values. Examples: "npm", "PyPI", "crates.io", "Go", "Maven", "NuGet". |
Output Schema
| Name | Required | Description |
|---|---|---|
| vulns | Yes | Vulnerabilities matching this package version. Empty array means no known vulnerabilities. |
| queryMeta | Yes | Query parameters as submitted. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate read-only, non-open-world, idempotent. Description adds specifics about return values (CVSS vectors, CVE aliases, affected ranges, first safe version) and error vs empty results, providing context beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, each dense with information. No unnecessary words. Front-loaded with purpose, then usage note. Highly efficient.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
With output schema present and annotations, description covers purpose, parameters, usage context, and return format. No gaps for a single-query tool. Complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema covers 100% of parameters with detailed descriptions. Description adds value by reinforcing case-sensitivity and error handling, but the schema already does heavy lifting. Slightly above baseline 3.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states 'Query known vulnerabilities for a single package version across any supported ecosystem', with a specific verb and resource. It distinguishes itself from siblings like osv_get_vulnerability (single advisory detail) and osv_query_batch (batch query).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly advises using osv_list_ecosystems to validate the ecosystem string before querying, warns about case-sensitivity and error behavior, and provides actionable guidance for correct usage.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!