This OSV MCP server allows querying the OSV database for software vulnerabilities with the following capabilities:
Query for all CVE IDs associated with a specific package, optionally filtered by version and ecosystem (default: PyPI for Python packages)
Retrieve all affected versions of a package for a given CVE
Find all versions that fix a given CVE
Get a list of supported ecosystems and their corresponding programming languages or operating systems
Enables querying for package vulnerabilities in the PyPI ecosystem, fetching CVEs associated with packages and identifying affected and fixed versions
MCP Server For OSV
A lightweight MCP (Model Context Protocol) server for OSV Database API.
Example:
Tools Provided
Overview
name | description |
query_package_cve | List all the CVE IDs for a specific package. Specific version can be passed as well for more narrow scope CVE IDs. |
query_for_cve_affected | Query the OSV database for a CVE and return all affected versions of the package. |
query_for_cve_fix_versions | Query the OSV database for a CVE and return all versions that fix the vulnerability. |
get_ecosystems | Query the MCP for current supported ecosystems. |
Detailed Description
query_package_cve
Query the OSV database for a package and return the CVE IDs.
Input parameters:
package(string, required): The package name to queryversion(string, optional): The version of the package to query. If not specified, queries all versionsecosystem(string, optional): The ecosystem of the package. Defaults to "PyPI" for Python packages
Returns a list of CVE IDs with their details
query_for_cve_affected
Query the OSV database for a CVE and return all affected versions.
Input parameters:
cve(string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
Returns a list of affected version strings
query_for_cve_fix_versions
Query the OSV database for a CVE and return all versions that fix the vulnerability.
Input parameters:
cve(string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
Returns a list of fixed version strings
get_ecosystems
Query for all current supported ecosystems by the MCP servers.
Return a dict with the key being the ecosystem name and the value the programming language / OS.
Related MCP server: MCP Vulnerability Management System
Prerequisites
Python 3.11 or higher: This project requires Python 3.11 or newer.
# Check your Python version python --versionInstall uv: A fast Python package installer and resolver.
pip install uvOr use Homebrew:
brew install uv
Tested on
Cursor
Claude
Installation
Via Smithery:
Locally:
Clone the repo:
https://github.com/EdenYavin/OSV-MCP.gitConfigure your MCP Host (Cusrsor / Claude Desktop etc.):
Leave a review on
Appeared in Searches
- MCP server for analyzing CVEs (Common Vulnerabilities and Exposures)
- CodeQL static analysis tool and semantic code analysis platform
- A server that scans projects for security vulnerabilities and recommends fixes
- Search for known security vulnerabilities on the NSIS website
- Automating guard duty alert validation and reporting process