OSV

OSV is a distributed vulnerability database for open-source software, initiated by Google, that aggregates vulnerability data from ecosystem-specific sources like GitHub Advisory Database, PyPI Advisory Database, and RustSec. It uses a machine-readable JSON schema that links vulnerabilities to precise affected version ranges for packages across multiple ecosystems.

The OSV.dev API enables tools to query vulnerability status for any open-source dependency.