query_package_cve

Check for CVEs in a package version using the OSV database. Identify vulnerabilities before installing or updating packages in ecosystems like PyPI. Ensures secure package management.

Instructions

Query the OSV database for a package and return the CVE ID.
You can use this tool to get the CVE ID for a package. 
ALWAYS use it before installing packages to check if the package is vulnerable. For example in requirements.txt, pyproject.toml, uv.lock, etc.
You can also use it to check if the package is vulnerable before updating the package.

Args:
    package: The package name to query
    version: The version of the package to query, can be None if you want to query all versions
    ecosystem: The ecosystem of the package to query, can be None if you want to query all ecosystems. 
    
    * For supported ecosystems, see the get_ecosystems tool.

Returns:
    A list of CVE IDs

Input Schema

Name	Required	Default
`ecosystem`	No	PyPI
`package`	Yes
`version`	No

Input Schema (JSON Schema)

{
  "properties": {
    "ecosystem": {
      "default": "PyPI",
      "title": "Ecosystem",
      "type": "string"
    },
    "package": {
      "title": "Package",
      "type": "string"
    },
    "version": {
      "default": null,
      "title": "Version",
      "type": "string"
    }
  },
  "required": [
    "package"
  ],
  "title": "query_package_cveArguments",
  "type": "object"
}

OSV

query_package_cve

Instructions

Input Schema

Input Schema (JSON Schema)

Other Tools from OSV

Related Tools

MCP directory API