A
securityA
licenseA
qualityAudits npm package dependencies for security vulnerabilities, providing detailed reports and fix recommendations with MCP integration.
Last updated -
1
26
24
TypeScript
MIT License
Integrations
Enables querying for package vulnerabilities in the PyPI ecosystem, fetching CVEs associated with packages and identifying affected and fixed versions
MCP Server For OSV
A lightweight MCP (Model Context Protocol) server for OSV Database API.
Example:
Tools Provided
Overview
| name | description |
|---|---|
| query_package_cve | List all the CVE IDs for a specific package. Specific version can be passed as well for more narrow scope CVE IDs. |
| query_for_cve_affected | Query the OSV database for a CVE and return all affected versions of the package. |
| query_for_cve_fix_versions | Query the OSV database for a CVE and return all versions that fix the vulnerability. |
| get_ecosystems | Query the MCP for current supported ecosystems. |
Detailed Description
- query_package_cve
- Query the OSV database for a package and return the CVE IDs.
- Input parameters:
package(string, required): The package name to queryversion(string, optional): The version of the package to query. If not specified, queries all versionsecosystem(string, optional): The ecosystem of the package. Defaults to "PyPI" for Python packages
- Returns a list of CVE IDs with their details
- query_for_cve_affected
- Query the OSV database for a CVE and return all affected versions.
- Input parameters:
cve(string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
- Returns a list of affected version strings
- query_for_cve_fix_versions
- Query the OSV database for a CVE and return all versions that fix the vulnerability.
- Input parameters:
cve(string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
- Returns a list of fixed version strings
- get_ecosystems
- Query for all current supported ecosystems by the MCP servers.
- Return a dict with the key being the ecosystem name and the value the programming language / OS.
Prerequisites
- Python 3.11 or higher: This project requires Python 3.11 or newer.Copy
- Install uv: A fast Python package installer and resolver.Or use Homebrew:CopyCopy
Tested on
- Cursor
- Claude
Installation
- Via Smithery:
Copy
- Locally:
- Clone the repo:
https://github.com/EdenYavin/OSV-MCP.git - Configure your MCP Host (Cusrsor / Claude Desktop etc.):
- Clone the repo:
Copy
Leave a review on VibeApp if you enjoyed it :)!
You must be authenticated.
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
The server can be utilized for secure development by listing all packages' CVEs, their affected versions and their fix versions.
Related Resources
Related MCP Servers
- -securityFlicense-qualityA standalone server enabling Snyk security scanning through the Model Context Protocol, with support for repository and project analysis, token verification, and CLI integration.Last updated -1JavaScript
- -securityFlicense-qualityA secure server that allows LLM applications like Claude to execute whitelisted system commands with user confirmation and comprehensive security features.Last updated -Python
- AsecurityFlicenseAqualityA secure JavaScript REPL server that enables executing code snippets in a sandboxed environment with memory protection, timeout handling, and comprehensive error reporting.Last updated -21,3693JavaScript