Query OSV.dev for package vulnerabilities and batch-audit dependency lists via MCP.
@cyanheads/osv-advisory-mcp-server Query OSV.dev for package vulnerabilities, batch-audit dependency lists, and fetch full advisory records via MCP. STDIO or Streamable HTTP. [](./CHANGELOG.md) [](./LICENSE) []( []( []( []( []( Public Hosted Server: 4 tools for querying the OSV.dev vulnerability database — single package lookups, batch dependency audits, and full advisory fetch: | Query known…
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
@cyanheads/osv-advisory-mcp-server Query OSV.dev for package vulnerabilities, batch-audit dependency lists, and fetch full advisory records via MCP. STDIO or Streamable HTTP. [](./CHANGELOG.md) [](./LICENSE) []( []( []( []( []( Public Hosted Server: 4 tools for querying the OSV.dev vulnerability database — single package lookups, batch dependency audits, and full advisory fetch: | Query known vulnerabilities for a single package version by name, ecosystem, and version | | Batch vulnerability…