cve_package_audit
Check any software package for known CVEs and security advisories by querying the OSV database, with support for version-specific and ecosystem-aware searches.
Instructions
Check a specific software package for known vulnerabilities using OSV.dev.
Queries the Open Source Vulnerabilities database to find all known CVEs and security advisories affecting a package. Supports version-specific queries across all major ecosystems.
Args: package: Package name (e.g., 'lodash', 'django', 'openssl') version: Specific version to check (e.g., '4.17.20'). If omitted, returns all known vulnerabilities for any version. ecosystem: Package ecosystem — 'npm', 'PyPI', 'Maven', 'Go', 'crates.io', 'NuGet', 'Packagist', 'RubyGems', 'Debian', 'Alpine', etc. If omitted, OSV auto-detects.
Example usage: cve_package_audit(package='lodash', version='4.17.20', ecosystem='npm') cve_package_audit(package='django', ecosystem='PyPI') cve_package_audit(package='openssl')
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| package | Yes | ||
| version | No | ||
| ecosystem | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |