Skip to main content
Glama

OSV

by EdenYavin

query_package_cve

Check for CVEs in a package version using the OSV database. Identify vulnerabilities before installing or updating packages in ecosystems like PyPI. Ensures secure package management.

Instructions

Query the OSV database for a package and return the CVE ID. You can use this tool to get the CVE ID for a package. ALWAYS use it before installing packages to check if the package is vulnerable. For example in requirements.txt, pyproject.toml, uv.lock, etc. You can also use it to check if the package is vulnerable before updating the package. Args: package: The package name to query version: The version of the package to query, can be None if you want to query all versions ecosystem: The ecosystem of the package to query, can be None if you want to query all ecosystems. * For supported ecosystems, see the get_ecosystems tool. Returns: A list of CVE IDs

Input Schema

NameRequiredDescriptionDefault
ecosystemNoPyPI
packageYes
versionNo

Input Schema (JSON Schema)

{ "properties": { "ecosystem": { "default": "PyPI", "title": "Ecosystem", "type": "string" }, "package": { "title": "Package", "type": "string" }, "version": { "default": null, "title": "Version", "type": "string" } }, "required": [ "package" ], "title": "query_package_cveArguments", "type": "object" }

Other Tools from OSV

Related Tools

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/EdenYavin/OSV-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server