OSV - Open Source Vulnerabilities

osv.dev

An open, precise, and distributed approach to producing vulnerability information.

Visit
OSV - Open Source Vulnerabilities screenshot
/ About /

OSV is a distributed vulnerability database and API for open source software, aggregating advisories from sources like GitHub Security Advisories, PyPA, and RustSec using the standardized OpenSSF OSV schema. It provides a machine-readable format that precisely maps vulnerabilities to open source package versions or commit hashes. The project also includes OSV-Scanner, a CLI tool for scanning lockfiles, SBOMs, and container images for known vulnerabilities.

/ How it works /

OSV aggregates vulnerability advisories from multiple sources into a standardized schema and exposes them via a public API and a CLI scanner that checks project dependencies against the database.

/ Who it's for /

open source developers and security engineers

/ More info /

Background.

Status
launched
Business model
free
Company
Google
/ Discovered patterns /

Similar projects.

Coming soonSpektrail’s read on Security

Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.

Coming soon

Have a take on this space?

Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.