query_package_cve
Check a package version for CVEs using the OSV database. Identify known vulnerabilities before installing or updating packages in ecosystems like PyPI. Helps keep package management secure.
Instructions
Query the OSV database for a package and return its CVE IDs.
You can use this tool to get the CVE IDs for a package.
ALWAYS use it before installing packages to check whether the package is vulnerable, for example packages listed in requirements.txt, pyproject.toml, uv.lock, etc.
You can also use it to check whether a package is vulnerable before updating it.
Args:
    package: The package name to query
    version: The version of the package to query, can be None if you want to query all versions
    ecosystem: The ecosystem of the package to query, can be None if you want to query all ecosystems.
        * For supported ecosystems, see the get_ecosystems tool.
Returns:
    A list of CVE IDs
Input Schema
Name | Required | Description | Default |
---|---|---|---|
ecosystem | No | | PyPI |
package | Yes | | |
version | No | | |
Input Schema (JSON Schema)
{
  "properties": {
    "ecosystem": {
      "default": "PyPI",
      "title": "Ecosystem",
      "type": "string"
    },
    "package": {
      "title": "Package",
      "type": "string"
    },
    "version": {
      "default": null,
      "title": "Version",
      "type": "string"
    }
  },
  "required": [
    "package"
  ],
  "title": "query_package_cveArguments",
  "type": "object"
}
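The lookup described above, sketched as an added example against the public OSV API (`POST https://api.osv.dev/v1/query`); it is not this tool's own implementation. The function names, the always-sent ecosystem and the constructed sample response with placeholder IDs are assumptions for illustration. It also separates out advisories that carry no CVE alias, which a CVE-only list would leave out.

```python
import json
import re
import urllib.request

OSV_QUERY_URL = "https://api.osv.dev/v1/query"
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

def build_query(package, version=None, ecosystem="PyPI", page_token=None):
    """Map the tool's three arguments onto an OSV /v1/query request body."""
    body = {"package": {"name": package, "ecosystem": ecosystem}}
    if version is not None:      # no version: match every affected version
        body["version"] = version
    if page_token:
        body["page_token"] = page_token
    return body

def split_ids(osv_response):
    """Return (cve_ids, advisories_without_cve) from an OSV response."""
    cves, no_cve = set(), []
    for vuln in osv_response.get("vulns", []):
        ids = [vuln.get("id", ""), *vuln.get("aliases", [])]
        matched = {i for i in ids if CVE_RE.match(i)}
        cves |= matched
        if not matched:          # GHSA/PYSEC-only record: still a finding
            no_cve.append(vuln.get("id", ""))
    return sorted(cves), no_cve

def query_osv(package, version=None, ecosystem="PyPI", timeout=10):
    """Live lookup; follows next_page_token until the result set is complete."""
    vulns, token = [], None
    while True:
        body = json.dumps(build_query(package, version, ecosystem, token)).encode()
        req = urllib.request.Request(
            OSV_QUERY_URL, data=body, headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            page = json.load(resp)
        vulns += page.get("vulns", [])
        token = page.get("next_page_token")
        if not token:
            return split_ids({"vulns": vulns})

# Constructed response with placeholder IDs (not real advisories).
SAMPLE_RESPONSE = {"vulns": [
    {"id": "GHSA-xxxx-xxxx-0001", "aliases": ["CVE-2099-00001"]},
    {"id": "PYSEC-2099-1", "aliases": ["CVE-2099-00001", "GHSA-xxxx-xxxx-0002"]},
    {"id": "CVE-2099-00002"},
    {"id": "GHSA-xxxx-xxxx-0003"},   # advisory with no CVE assigned
]}
```

An empty CVE list paired with a non-empty second list means the version has known advisories that simply have no CVE assigned, so treat both lists as findings when gating an install.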