OSV - Open Source Vulnerabilities
An open, precise, and distributed approach to producing vulnerability information.

OSV is a distributed vulnerability database and API for open source software, aggregating advisories from sources like GitHub Security Advisories, PyPA, and RustSec using the standardized OpenSSF OSV schema. It provides a machine-readable format that precisely maps vulnerabilities to open source package versions or commit hashes. The project also includes OSV-Scanner, a CLI tool for scanning lockfiles, SBOMs, and container images for known vulnerabilities.
OSV aggregates vulnerability advisories from multiple sources into a standardized schema and exposes them via a public API and a CLI scanner that checks project dependencies against the database.
open source developers and security engineers
Background.
- Status
- launched
- Business model
- free
- Company
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.