Skip to main content
Glama

OSV

by EdenYavin

MCP Server For OSV

A lightweight MCP (Model Context Protocol) server for OSV Database API.

Example:


Tools Provided

Overview

namedescription
query_package_cveList all the CVE IDs for a specific package. Specific version can be passed as well for more narrow scope CVE IDs.
query_for_cve_affectedQuery the OSV database for a CVE and return all affected versions of the package.
query_for_cve_fix_versionsQuery the OSV database for a CVE and return all versions that fix the vulnerability.
get_ecosystemsQuery the MCP for current supported ecosystems.

Detailed Description

  • query_package_cve
    • Query the OSV database for a package and return the CVE IDs.
    • Input parameters:
      • package (string, required): The package name to query
      • version (string, optional): The version of the package to query. If not specified, queries all versions
      • ecosystem (string, optional): The ecosystem of the package. Defaults to "PyPI" for Python packages
    • Returns a list of CVE IDs with their details
  • query_for_cve_affected
    • Query the OSV database for a CVE and return all affected versions.
    • Input parameters:
      • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
    • Returns a list of affected version strings
  • query_for_cve_fix_versions
    • Query the OSV database for a CVE and return all versions that fix the vulnerability.
    • Input parameters:
      • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
    • Returns a list of fixed version strings
  • get_ecosystems
    • Query for all current supported ecosystems by the MCP servers.
    • Return a dict with the key being the ecosystem name and the value the programming language / OS.

Prerequisites

  1. Python 3.11 or higher: This project requires Python 3.11 or newer.
    # Check your Python version python --version
  2. Install uv: A fast Python package installer and resolver.
    pip install uv
    Or use Homebrew:
    brew install uv

Tested on

  • Cursor
  • Claude

Installation

  1. Via Smithery:
npx -y @smithery/cli install @EdenYavin/OSV-MCP --client claude
  1. Locally:
    1. Clone the repo: https://github.com/EdenYavin/OSV-MCP.git
    2. Configure your MCP Host (Cusrsor / Claude Desktop etc.):
{ "mcpServers": { "osv-mcp": { "command": "uv", "args": ["--directory", "path-to/OSV-MCP", "run", "osv-server"], "env": {} } } }

Leave a review on VibeApp if you enjoyed it :)!

Install Server
A
security – no known vulnerabilities
A
license - permissive license
A
quality - confirmed to work

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

The server can be utilized for secure development by listing all packages' CVEs, their affected versions and their fix versions.

  1. Tools Provided
    1. Overview
    2. Detailed Description
  2. Prerequisites
    1. Tested on
      1. Installation

        Related MCP Servers

        • -
          security
          A
          license
          -
          quality
          A comprehensive system that helps organizations track, manage, and respond to security vulnerabilities effectively through features like vulnerability tracking, user management, support tickets, API key management, and SSL certificate management.
          Last updated -
          Python
          MIT License
        • -
          security
          A
          license
          -
          quality
          A server that retrieves CVE details from the NVD API and fetches EPSS scores to provide comprehensive vulnerability information, including descriptions, CWEs, CVSS scores, and exploitation likelihood percentiles.
          Last updated -
          11
          Python
          MIT License
        • A
          security
          A
          license
          A
          quality
          A Model Context Protocol server providing security vulnerability intelligence tools including CVE lookup, EPSS scoring, CVSS calculation, exploit detection, and Python package vulnerability checking.
          Last updated -
          8
          4
          Python
          MIT License

        View all related MCP servers

        MCP directory API

        We provide all the information about MCP servers via our MCP API.

        curl -X GET 'https://glama.ai/api/mcp/v1/servers/EdenYavin/OSV-MCP'

        If you have feedback or need assistance with the MCP directory API, please join our Discord server