OSV MCP
MCP server for querying the OSV (Open Source Vulnerabilities) database by package version or commit.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for OSV MCP, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.
Overview
Provides tools to look up known vulnerabilities in Google's OSV database, querying by package name and version or by commit, with batch queries across multiple packages and detailed lookup by vulnerability ID. Useful for dependency risk assessment in an agent workflow. The data surface is vulnerability metadata rather than code, which lowers exposure risk.
Key features
- Query vulnerabilities by package version or commit
- Batch query multiple packages
- Detailed lookup by OSV vulnerability ID
Use cases
- Dependency vulnerability triage by an agent
- Supply-chain risk checks during code review