Wraps the OSV.dev vulnerability database for querying package security advisories via MCP. Exposes four tools: single package lookups by name/ecosystem/version, batch audits for entire dependency lists (up to 1000 packages per call), full advisory retrieval by OSV ID, and ecosystem enumeration. Every vulnerability result includes CVE aliases, CVSS severity vectors, affected version ranges, and fix versions. The batch tool runs parallel queries to preserve full records that OSV's native batch endpoint omits. No API key required. Useful for triaging lockfiles, auditing SBOMs, or checking a dependency before adding it. The CVE aliases in each result chain cleanly to NIST NVD servers for EPSS scores and KEV status.
claude mcp add --transport stdio cyanheads-osv-advisory-mcp-server uvx osv-advisory-mcp-server
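An added example, not the server's own code: one way to do the fan-out described above, where ID-only batch results are expanded into full records in parallel and the triage fields (CVE aliases, CVSS vectors, affected ranges, fix versions) are pulled out of each. The record, IDs, package name and `fake_fetch` are constructed placeholders in OSV schema form; a real client would replace `fake_fetch` with a network lookup.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed sample data in OSV schema form; IDs and versions are placeholders.
BATCH_RESPONSE = {"results": [
    {"vulns": [{"id": "OSV-EXAMPLE-0001", "modified": "2024-01-01T00:00:00Z"}]},
    {},  # a package with no known advisories
]}
FULL_RECORDS = {"OSV-EXAMPLE-0001": {
    "id": "OSV-EXAMPLE-0001",
    "aliases": ["CVE-0000-00001", "GHSA-xxxx-xxxx-xxxx"],
    "severity": [{"type": "CVSS_V3",
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],
    "affected": [{
        "package": {"ecosystem": "PyPI", "name": "example-pkg"},
        "ranges": [{"type": "ECOSYSTEM", "events": [
            {"introduced": "0"}, {"fixed": "1.4.2"},
            {"introduced": "2.0.0"}, {"fixed": "2.0.3"}]}],
    }],
}}

def fake_fetch(vuln_id):
    """Hypothetical stand-in for a per-ID advisory lookup (no network here)."""
    return FULL_RECORDS[vuln_id]

def hydrate(batch_response, fetch, workers=8):
    """Swap the ID-only stubs of a batch response for full records, in parallel."""
    results = batch_response["results"]
    ids = sorted({v["id"] for r in results for v in r.get("vulns", [])})
    with ThreadPoolExecutor(max_workers=workers) as pool:
        full = dict(zip(ids, pool.map(fetch, ids)))
    return [[full[v["id"]] for v in r.get("vulns", [])] for r in results]

def summarize(record):
    """Extract triage fields; a range with no fix is reported with fixed=None."""
    ranges = []
    for aff in record.get("affected", []):
        name = aff["package"]["name"]
        for rng in aff.get("ranges", []):
            start = None
            for ev in rng.get("events", []):
                if "introduced" in ev:
                    start = ev["introduced"]
                elif "fixed" in ev:
                    ranges.append((name, start, ev["fixed"]))
                    start = None
            if start is not None:  # still open: no fixed version published
                ranges.append((name, start, None))
    return {"id": record["id"], "ranges": ranges,
            "cves": [a for a in record.get("aliases", []) if a.startswith("CVE-")],
            "cvss": [s["score"] for s in record.get("severity", [])]}
```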