What is Osv Mcp

OSV-MCP is a lightweight Model Context Protocol (MCP) server designed for the OSV Database API, enabling efficient management and retrieval of vulnerability information related to software packages.

Use cases

Use cases for OSV-MCP include querying CVEs for specific software packages, identifying affected versions to assess risk, and determining which versions contain fixes for vulnerabilities.

How to use

To use OSV-MCP, ensure you have Python 3.11 or higher installed. Install the ‘uv’ package using pip or Homebrew. Configure the MCP server in your environment and run it using the specified command.

Key features

Key features of OSV-MCP include fetching all CVEs related to a package, retrieving affected versions for specific CVE-IDs, and obtaining versions that remediate the CVEs.

Where to use

OSV-MCP can be utilized in software development, cybersecurity, and vulnerability management fields, particularly for applications that require tracking and fixing software vulnerabilities.

MCP Server For OSV

A lightweight MCP (Model Context Protocol) server for OSV Database API.

Example:

Tools Provided

Overview

Detailed Description

• query_package_cve

  • Query the OSV database for a package and return the CVE IDs.
  • Input parameters:
    • package (string, required): The package name to query
    • version (string, optional): The version of the package to query. If not specified, queries all versions
    • ecosystem (string, optional): The ecosystem of the package. Defaults to “PyPI” for Python packages
  • Returns a list of CVE IDs with their details

• query_for_cve_affected

  • Query the OSV database for a CVE and return all affected versions.
  • Input parameters:
    • cve (string, required): The CVE ID to query (e.g., “CVE-2018-1000805”)
  • Returns a list of affected version strings

• query_for_cve_fix_versions

  • Query the OSV database for a CVE and return all versions that fix the vulnerability.
  • Input parameters:
    • cve (string, required): The CVE ID to query (e.g., “CVE-2018-1000805”)
  • Returns a list of fixed version strings

• get_ecosystems

  • Query for all current supported ecosystems by the MCP servers.
  • Return a dict with the key being the ecosystem name and the value the programming language / OS.

Prerequisites

1. Python 3.11 or higher: This project requires Python 3.11 or newer.

   # Check your Python version
   python --version
   

2. Install uv: A fast Python package installer and resolver.

   pip install uv
   

   Or use Homebrew:

   brew install uv
   

Tested on

• [X] Cursor
• [X] Claude

Installation

1. Via Smithery:

npx -y @smithery/cli install @EdenYavin/OSV-MCP --client claude

2. Locally:

   1. Clone the repo: https://github.com/EdenYavin/OSV-MCP.git
   2. Configure your MCP Host (Cusrsor / Claude Desktop etc.):

{
  "mcpServers": {
    "osv-mcp": {
      "command": "uv",
      "args": [
        "--directory",
        "path-to/OSV-MCP",
        "run",
        "osv-server"
      ],
      "env": {}
    }
  }
}

Leave a review on VibeApp
if you enjoyed it :)!