OSV

by EdenYavin

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Integrations

  • Queries the OSV database for vulnerabilities in PyPI packages: the CVEs associated with a package, the versions a CVE affects, and the versions that fix it

MCP Server For OSV

A lightweight MCP (Model Context Protocol) server that exposes the OSV (Open Source Vulnerabilities) database API as tools.

Example:

https://github.com/user-attachments/assets/55bb887f-3ead-4733-8328-572d3f3145fd


Features

  • Get Package CVEs: Fetch all CVEs related to a package.
  • Get CVE Affected Versions: Fetch all the affected versions for a specific CVE-ID.
  • Get CVE Fix Versions: Fetch all the versions that remediate the CVE.

Prerequisites

  1. Python 3.11 or higher: This project requires Python 3.11 or newer.
    # Check your Python version
    python --version
  2. Install uv: A fast Python package installer and resolver.
    pip install uv
    Or use Homebrew:
    brew install uv

Installation

Clone this repository:

git clone https://github.com/BIGdeadLock/OSV-MCP.git
cd OSV-MCP/src

Configuration

For Cursor users, add the server to your MCP settings. The --directory value below is the author's local checkout; replace it with the absolute path of your own clone:

    {
      "mcpServers": {
        "osv-mcp": {
          "command": "uv",
          "args": ["--directory", "/Users/eden.yavin/Projects/OSV-MCP", "run", "osv-server"],
          "env": {}
        }
      }
    }

Tools Provided

Overview

  query_package_cve: List all the CVE IDs for a specific package. A specific version can be passed as well to narrow the scope.
  query_for_cve_affected: Query the OSV database for a CVE and return all affected versions of the package.
  query_for_cve_fix_versions: Query the OSV database for a CVE and return all versions that fix the vulnerability.

Detailed Description

  • query_package_cve
    • Query the OSV database for a package and return the CVE IDs.
    • Input parameters:
      • package (string, required): The package name to query
      • version (string, optional): The version of the package to query. If omitted, OSV returns vulnerabilities for every version of the package ever published, so the result says nothing about whether the version you actually have installed is affected
      • ecosystem (string, optional): The ecosystem of the package. Defaults to "PyPI" for Python packages
    • Returns a list of CVE IDs with their details
  • query_for_cve_affected
    • Query the OSV database for a CVE and return all affected versions.
    • Input parameters:
      • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
    • Returns a list of affected version strings
  • query_for_cve_fix_versions
    • Query the OSV database for a CVE and return all versions that fix the vulnerability.
    • Input parameters:
      • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
    • Returns a list of fixed version strings. An empty list can mean that no fix has been published yet, so do not read it as "nothing to do"


The server can be used in secure development workflows to list a package's CVEs, the versions they affect, and the versions that fix them.
