query_package_vulns
ActiveTool of Osv
Find all known vulnerabilities for an open-source package, optionally at a specific version, via the OSV.dev database. Omit version to get every vuln known for the package. Returns a compact summary array (id, summary, aliases, severity, references). Keyless.
Parameters schema
{
"type": "object",
"required": [
"name",
"ecosystem"
],
"properties": {
"name": {
"type": "string",
"description": "Package name, e.g. \"lodash\", \"django\", \"log4j-core\", \"serde\"."
},
"version": {
"type": "string",
"description": "Optional package version, e.g. \"4.17.20\". If given, only vulns affecting that version are returned; if omitted, all vulns for the package are returned."
},
"ecosystem": {
"type": "string",
"description": "Package ecosystem. Examples: \"npm\", \"PyPI\", \"Go\", \"Maven\", \"crates.io\", \"RubyGems\", \"NuGet\"."
}
}
}No endpoints wrapped at confidence ≥ 0.50.
Parent server
Osv
https://github.com/pipeworx-io/mcp-osv
1/7 registries