OSV MCP Server

SSE-based MCP server for querying the OSV vulnerability database

OSV MCP Server implements a Model Context Protocol (MCP) server that provides secure, programmatic access to the Open Source Vulnerabilities (OSV) database. It supports real-time streaming communication using SSE or streamable HTTP and allows querying of vulnerabilities for single or multiple packages, versions, or commits. The server is designed for integration with LLM-powered applications and supports configuration through environment variables and containerized deployments via ToolHive.

Key Features

Model Context Protocol (MCP) compliance
SSE and streamable HTTP transport modes
Queries by package name, version, ecosystem, commit, or purl
Batch vulnerability querying
Detailed vulnerability information retrieval
ToolHive containerized deployment support
Environment variable configuration
LLM application integration
Input and output schema standardization
Trust score badge integration

Use Cases

LLM-powered tools needing vulnerability lookups
Automated vulnerability scanning in CI/CD pipelines
Batch analysis of open source package security
Security dashboards aggregating OSV data
Developer tools checking dependencies for known issues
SecOps teams integrating with custom workflows
Security auditing for software supply chain
Programmatic monitoring of software vulnerabilities
Integration with containerized security toolchains
Context-aware decision making for AI agents regarding software risks

README

An MCP (Model Context Protocol) server that provides access to the OSV (Open Source Vulnerabilities) database.

Overview

This project implements an SSE-based MCP server that allows LLM-powered applications to query the OSV database for vulnerability information. The server provides tools for:

  1. Querying vulnerabilities for a specific package version or commit
  2. Batch querying vulnerabilities for multiple packages or commits
  3. Getting detailed information about a specific vulnerability by ID

Installation

Prerequisites

  • Go 1.21 or later
  • Task (optional, for running tasks)
  • ko (optional, for building container images)

Building from source

```bash
# Clone the repository
git clone https://github.com/StacklokLabs/osv-mcp.git
cd osv-mcp

# Build the server
task build
```

Usage

Running with ToolHive (Recommended)

The easiest way to run the OSV MCP server is using ToolHive, which provides secure, containerized deployment of MCP servers:

```bash
# Install ToolHive (if not already installed)
# See: https://docs.stacklok.com/toolhive/guides-cli/install

# Register a supported client so ToolHive can auto-configure your environment
thv client setup

# Run the OSV MCP server (packaged as 'osv' in ToolHive)
thv run osv

# List running servers
thv list

# Get detailed information about the server
thv registry info osv
```

The server will be available to your MCP-compatible clients and can query the OSV database for vulnerability information.

Running from Source

Server Configuration

The server can be configured using environment variables:

  • MCP_PORT: The port number to run the server on (default: 8080)

    • Must be a valid integer between 0 and 65535
    • If invalid or not set, the server will use port 8080
  • MCP_TRANSPORT: The transport mode for the server (default: sse)

    • Supported values: sse, streamable-http
    • If invalid or not set, the server will use SSE transport mode

Example:

```bash
# Run on port 3000
MCP_PORT=3000 ./build/osv-mcp-server

# Run on default port 8080
./build/osv-mcp-server
```

MCP Tools

The server provides the following MCP tools:

query_vulnerability

Query for vulnerabilities affecting a specific package version or commit.

Input Schema:

```json
{
  "type": "object",
  "properties": {
    "commit": {
      "type": "string",
      "description": "The commit hash to query for. If specified, version should not be set."
    },
    "version": {
      "type": "string",
      "description": "The version string to query for. If specified, commit should not be set."
    },
    "package_name": {
      "type": "string",
      "description": "The name of the package."
    },
    "ecosystem": {
      "type": "string",
      "description": "The ecosystem for this package (e.g., PyPI, npm, Go)."
    },
    "purl": {
      "type": "string",
      "description": "The package URL for this package. If purl is used, package_name and ecosystem should not be set."
    }
  }
}
```

query_vulnerabilities_batch

Query for vulnerabilities affecting multiple packages or commits at once.

Input Schema:

```json
{
  "type": "object",
  "properties": {
    "queries": {
      "type": "array",
      "description": "Array of query objects",
      "items": {
        "type": "object",
        "properties": {
          "commit": {
            "type": "string",
            "description": "The commit hash to query for. If specified, version should not be set."
          },
          "version": {
            "type": "string",
            "description": "The version string to query for. If specified, commit should not be set."
          },
          "package_name": {
            "type": "string",
            "description": "The name of the package."
          },
          "ecosystem": {
            "type": "string",
            "description": "The ecosystem for this package (e.g., PyPI, npm, Go)."
          },
          "purl": {
            "type": "string",
            "description": "The package URL for this package. If purl is used, package_name and ecosystem should not be set."
          }
        }
      }
    }
  },
  "required": ["queries"]
}
```

get_vulnerability

Get details for a specific vulnerability by ID.

Input Schema:

```json
{
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "The OSV vulnerability ID"
    }
  },
  "required": ["id"]
}
```

Examples

Querying vulnerabilities for a package

```json
{
  "package_name": "lodash",
  "ecosystem": "npm",
  "version": "4.17.15"
}
```

Querying vulnerabilities for a commit

```json
{
  "commit": "6879efc2c1596d11a6a6ad296f80063b558d5e0f"
}
```

Batch querying vulnerabilities

```json
{
  "queries": [
    {
      "package_name": "lodash",
      "ecosystem": "npm",
      "version": "4.17.15"
    },
    {
      "package_name": "jinja2",
      "ecosystem": "PyPI",
      "version": "2.4.1"
    }
  ]
}
```

Getting vulnerability details

```json
{
  "id": "GHSA-vqj2-4v8m-8vrq"
}
```
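The input schemas above state their exclusivity rules ("commit or version", "purl or package_name/ecosystem") only in description strings, so a JSON Schema validator will not enforce them. The following is an added example, not code from the osv-mcp repository: a client-side check for LLM-generated tool arguments before they are sent. The `Query` type, `Validate` and `ParseQuery` are hypothetical names, and the two rules marked as assumptions are not stated on this page.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Query mirrors the query_vulnerability input schema shown above (hypothetical type).
type Query struct {
	Commit      string `json:"commit,omitempty"`
	Version     string `json:"version,omitempty"`
	PackageName string `json:"package_name,omitempty"`
	Ecosystem   string `json:"ecosystem,omitempty"`
	Purl        string `json:"purl,omitempty"`
}

// Validate enforces the rules the schema states only in its description strings.
func (q Query) Validate() error {
	switch {
	case q.Commit != "" && q.Version != "":
		return errors.New("commit and version are mutually exclusive")
	case q.Purl != "" && (q.PackageName != "" || q.Ecosystem != ""):
		return errors.New("purl excludes package_name and ecosystem")
	case (q.PackageName == "") != (q.Ecosystem == ""): // assumption, not from the page
		return errors.New("package_name and ecosystem must be given together")
	case q.Commit == "" && q.Purl == "" && q.PackageName == "": // assumption, not from the page
		return errors.New("query names no commit, purl or package")
	}
	return nil
}

// ParseQuery decodes tool arguments strictly: fields outside the schema are rejected.
func ParseQuery(raw string) (Query, error) {
	var q Query
	dec := json.NewDecoder(strings.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&q); err != nil {
		return q, err
	}
	return q, q.Validate()
}

func main() {
	// Constructed input: commit and version set together, which the schema text forbids.
	_, err := ParseQuery(`{"commit":"6879efc2c1596d11a6a6ad296f80063b558d5e0f","version":"1.0"}`)
	fmt.Println(err)
}
```

For `query_vulnerabilities_batch`, run the same check on each element of `queries` and reject the whole call if any element fails, so that one malformed entry does not silently skew the results.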

Development

Running tests

```bash
task test
```

Linting

```bash
task lint
```

Formatting code

```bash
task fmt
```

Contributing

We welcome contributions to this MCP server! If you'd like to contribute, please review the CONTRIBUTING guide for details on how to get started.

If you run into a bug or have a feature request, please open an issue in the repository or join us in the #mcp-servers channel on our community Discord server.

License

This project is licensed under the Apache v2 License - see the LICENSE file for details.

Repository Owner

StacklokLabs

Organization

Repository Details

Language Go
Default Branch main
Size 123 KB
Contributors 11
License Apache License 2.0
MCP Verified Nov 12, 2025
