OpenSSF

OSV (Open Source Vulnerabilities) API

OSV is an OpenSSF-hosted distributed vulnerability database and query infrastructure. The OSV API at api.osv.dev exposes vulnerability records keyed to specific package versions or commits across multiple ecosystems including npm, PyPI, Maven, Go, NuGet, RubyGems, Cargo, Packagist, Hex, OSS-Fuzz, Linux, Android, and GitHub Actions.

GitHub OpenAPI

Documentation

📖
Documentation
https://google.github.io/osv.dev/api/
📖
Documentation
https://osv.dev/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/openssf/refs/heads/main/openapi/openssf-osv-openapi.yml

SDKs

📦
GitHubRepository
https://github.com/google/osv.dev
📦
GitHubRepository
https://github.com/ossf/osv-schema

Schemas & Data

📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/openssf/refs/heads/main/json-schema/openssf-osv-vulnerability-schema.json

Other Resources

🔗
JSONLDContext
https://raw.githubusercontent.com/api-evangelist/openssf/refs/heads/main/json-ld/openssf-context.jsonld

OpenAPI Specification

openssf-osv-openapi.yml Raw ↑