OSV.dev
live SecurityOSSGoogle's open-source vulnerability database. Keyless.
3 tools
0ms auth
free tier 50 calls/day
Tools
vulnerabilities Query vulns for a package/commit.
Parameters
Name Type Description
package_name opt string — ecosystem opt string — version opt string — commit opt string — Try it
Response
query_batch
required: queries Batch query (≤1000).
Parameters
Name Type Description
queries req array — Try it
Response
get
required: vuln_id Full vuln record.
Parameters
Name Type Description
vuln_id req string — Try it
Response
Test with curl
The gateway speaks JSON-RPC 2.0 over HTTP POST. You can test any pack directly from the terminal.
List available tools
bash
curl -X POST https://gateway.pipeworx.io/osv-dev/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'Call a tool
bash
curl -X POST https://gateway.pipeworx.io/osv-dev/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"vulnerabilities","arguments":{}}}'Use with the SDK
Install @pipeworx/sdk to call tools from any TypeScript/Node project.
TypeScript
import { Pipeworx } from '@pipeworx/sdk';
const px = new Pipeworx();
const result = await px.call("vulnerabilities", {}); ask_pipeworx
// Or ask in plain English:
const answer = await px.ask("google's open-source vulnerability database");Related packs
Other Pipeworx packs in the same categories (Security, OSS):