OSV-MCP

OSV-MCP

2
databases

The MCP Server for OSV is a lightweight server designed to interact with the OSV Database API. It provides tools to query CVE information and supported ecosystems efficiently, leveraging Python 3.11 or higher.

MCP Server For OSV

A lightweight MCP (Model Context Protocol) server for OSV Database API.

Example:

demo

Tools Provided

Overview

namedescription
query_package_cveList all the CVE IDs for a specific package. Specific version can be passed as well for more narrow scope CVE IDs.
query_for_cve_affectedQuery the OSV database for a CVE and return all affected versions of the package.
query_for_cve_fix_versionsQuery the OSV database for a CVE and return all versions that fix the vulnerability.
get_ecosystemsQuery the MCP for current supported ecosystems.

Detailed Description

  • query_package_cve

    • Query the OSV database for a package and return the CVE IDs.
    • Input parameters:
      • package (string, required): The package name to query
      • version (string, optional): The version of the package to query. If not specified, queries all versions
      • ecosystem (string, optional): The ecosystem of the package. Defaults to "PyPI" for Python packages
    • Returns a list of CVE IDs with their details

  • query_for_cve_affected

    • Query the OSV database for a CVE and return all affected versions.
    • Input parameters:
      • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
    • Returns a list of affected version strings

  • query_for_cve_fix_versions

    • Query the OSV database for a CVE and return all versions that fix the vulnerability.
    • Input parameters:
      • cve (string, required): The CVE ID to query (e.g., "CVE-2018-1000805")
    • Returns a list of fixed version strings

  • get_ecosystems

    • Query for all current supported ecosystems by the MCP servers.
    • Return a dict with the key being the ecosystem name and the value the programming language / OS.

Prerequisites

  1. Python 3.11 or higher: This project requires Python 3.11 or newer.

    # Check your Python version
python --version

  2. Install uv: A fast Python package installer and resolver.

    pip install uv

    Or use Homebrew:

    brew install uv

Tested on

  • Cursor
  • Claude

Installation

  1. Via Smithery:
npx -y @smithery/cli install @EdenYavin/OSV-MCP --client claude

  1. Locally:

    1. Clone the repo: https://github.com/EdenYavin/OSV-MCP.git
    2. Configure your MCP Host (Cusrsor / Claude Desktop etc.):
{
  "mcpServers": {
    "osv-mcp": {
      "command": "uv",
      "args": ["--directory", "path-to/OSV-MCP", "run", "osv-server"],
      "env": {}
    }
  }
}

Leave a review on VibeApp if you enjoyed it :)!