OSV - Open Source Vulnerabilities
osv.dev
An open, precise, and distributed approach to producing vulnerability information.
Security, vulnerability-database, open-source, security-scanning, cve, sbom, dependency-scanning, api

About
OSV is a distributed vulnerability database and API for open source software, aggregating advisories from sources like GitHub Security Advisories, PyPA, and RustSec using the standardized OpenSSF OSV schema. It provides a machine-readable format that precisely maps vulnerabilities to open source package versions or commit hashes. The project also includes OSV-Scanner, a CLI tool for scanning lockfiles, SBOMs, and container images for known vulnerabilities.
Problem
Developers lack a unified, machine-readable database to identify known vulnerabilities in their open source dependencies.
For
open source developers and security engineers
How it works
OSV aggregates vulnerability advisories from multiple sources into a standardized schema and exposes them via a public API and a CLI scanner that checks project dependencies against the database.
Business model
free
Status
launched
Company
Google