OSV MCP
MCP server for querying the OSV (Open Source Vulnerabilities) database by package version or commit.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for OSV MCP, derived from its capabilities.
AIVSS 3.7 · Low
Overview
Provides tools to look up known vulnerabilities in Google's OSV database, querying by package name and version or by commit, with batch queries across multiple packages and detailed lookup by vulnerability ID. Useful for dependency risk assessment in an agent workflow. The data surface is vulnerability metadata rather than code, which lowers exposure risk.
Key features
- Query vulnerabilities by package version or commit
- Batch query multiple packages
- Detailed lookup by OSV vulnerability ID
Use cases
- Dependency vulnerability triage by an agent
- Supply-chain risk checks during code review