check_vulnerabilities
Identify known advisories in your project's dependency tree by cross-referencing against the OSV.dev vulnerability database, with computed severity.
Instructions
Cross-reference a project's resolved dependencies against the OSV.dev vulnerability database and report which packages have known advisories (CVE/GHSA/RUSTSEC/PYSEC), with computed severity. Only reports advisories for packages actually present in the dependency tree — not generic noise. Requires network access to api.osv.dev.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | No | Path to the project directory. Defaults to the current working directory. | |
| severity_min | No | Optional. Only report advisories at or above this severity. |