A distributed vulnerability database for Open Source
An open, distributed way of managing vulnerabilities for open source.
Ecosystems
The live page renders a per-ecosystem count of advisories here (only ecosystems with more than 30 entries are listed).
OSV schema
All advisories in this database use the
OpenSSF OSV format, which
was developed in collaboration with open source communities. This
infrastructure serves as an aggregator of
vulnerability databases
that have adopted this schema.
The OSV schema provides a human- and machine-readable data format that
describes vulnerabilities in a way that maps precisely to open source
package versions, as in this example record:
{
  "schema_version": "1.3.0",
  "id": "GHSA-c3g4-w6cv-6v7h",
  "modified": "2022-04-01T13:56:42Z",
  "published": "2022-04-01T13:56:42Z",
  "aliases": [ "CVE-2022-27651" ],
  "summary": "Non-empty default inheritable capabilities for linux container in Buildah",
  "details": "A bug was found in Buildah where containers were created ...",
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/containers/buildah"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            { "introduced": "0" },
            { "fixed": "1.25.0" }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/containers/buildah/commit/..."
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/containers/buildah"
    }
  ]
}
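The part of such a record that tooling actually has to interpret is the affected ranges: an "introduced" event opens an affected interval, the next "fixed" event closes it exclusively (or "last_affected" closes it inclusively), and "introduced": "0" means every version from the first release. The following Python is an added example, not OSV's own code or client library, that walks those events for the Buildah record above and for a constructed multi-interval range. Its version ordering (dotted numeric components, with any "-"/"+" suffix treated as a pre-release that sorts before the bare version) is an assumption for illustration; a real consumer must use the comparator of the ecosystem in question, and GIT ranges, which hold commit hashes rather than versions, are refused.

```python
# Added example (not OSV's own code): decide whether a package version falls
# inside an OSV advisory's "affected" ranges. The version ordering below is a
# deliberate simplification (assumption, see version_key).
import json
import re
from typing import Any, Dict, Tuple

# Constructed sample: the Buildah advisory from the page, trimmed to the
# fields this example needs.
SAMPLE_ADVISORY: Dict[str, Any] = json.loads("""
{
  "id": "GHSA-c3g4-w6cv-6v7h",
  "aliases": ["CVE-2022-27651"],
  "affected": [
    {
      "package": {"ecosystem": "Go", "name": "github.com/containers/buildah"},
      "ranges": [
        {"type": "ECOSYSTEM",
         "events": [{"introduced": "0"}, {"fixed": "1.25.0"}]}
      ]
    }
  ]
}
""")

_VERSION_RE = re.compile(r"^v?([0-9][0-9.]*)(?:[-+](.+))?$")


def version_key(version: str) -> Tuple[Tuple[int, ...], int, str]:
    """Sort key for a version string.

    ASSUMPTION: dotted numeric components compared left to right; a '-' or
    '+' suffix marks a pre-release that sorts before the bare version, so
    1.25.0-rc1 < 1.25.0. Real ecosystems have their own rules (PEP 440 for
    PyPI, semver for Go and npm, epochs for Debian); use the ecosystem's
    comparator in production code.
    """
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unsupported version syntax: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split(".") if p)
    suffix = m.group(2) or ""
    return (nums, 0 if suffix else 1, suffix)


def version_in_range(version: str, rng: Dict[str, Any]) -> bool:
    """Walk one OSV range object. 'introduced' opens an affected interval;
    the next 'fixed' (exclusive) or 'last_affected' (inclusive) closes it.
    A trailing 'introduced' with no closing event means every later version
    is affected (no fix published yet). 'introduced': '0' is the OSV
    convention for "from the very first version"."""
    if rng.get("type") == "GIT":
        # GIT ranges hold commit hashes; they cannot be compared as versions.
        raise ValueError("GIT ranges must be resolved by commit, not version")
    v = version_key(version)
    events = []
    for ev in rng.get("events", []):
        (kind, value), = ev.items()   # each event object has exactly one key
        if kind == "limit":
            continue  # hard upper-bound hint; not handled in this example
        events.append((version_key(value), kind))
    events.sort()  # walk in version order even if the input was unordered
    lower = None
    for key, kind in events:
        if kind == "introduced":
            if lower is None:
                lower = key
        elif kind == "fixed":
            if lower is not None and lower <= v < key:
                return True
            lower = None
        elif kind == "last_affected":
            if lower is not None and lower <= v <= key:
                return True
            lower = None
    return lower is not None and v >= lower


def is_affected(advisory: Dict[str, Any], ecosystem: str, name: str,
                version: str) -> bool:
    """True if the advisory lists (ecosystem, name, version) as affected,
    either through an explicit 'versions' list or through a version range."""
    for entry in advisory.get("affected", []):
        pkg = entry.get("package", {})
        if pkg.get("ecosystem") != ecosystem or pkg.get("name") != name:
            continue
        if version in entry.get("versions", []):
            return True
        for rng in entry.get("ranges", []):
            if rng.get("type") != "GIT" and version_in_range(version, rng):
                return True
    return False


if __name__ == "__main__":
    pkg = "github.com/containers/buildah"
    for v in ("1.24.2", "1.25.0", "1.26.0"):
        state = "affected" if is_affected(SAMPLE_ADVISORY, "Go", pkg, v) else "not affected"
        print(f"{pkg} {v}: {state}")
```

The walk deliberately resets the open interval after every closing event, which is what lets a single range express "introduced in 1.0.0, fixed in 1.2.0, reintroduced in 2.0.0" without the second interval swallowing versions between the two.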
Use the API
An easy-to-use API is available to query all known vulnerabilities
affecting either a commit hash or a package version.
Query by commit hash
curl -X POST -d \
'{"commit": "6879efc2c1596d11a6a6ad296f80063b558d5e0f"}' \
"https://api.osv.dev/v1/query"
Query by version number
curl -X POST -d \
'{"version": "2.4.1",
"package": {"name": "jinja2", "ecosystem": "PyPI"}}' \
"https://api.osv.dev/v1/query"
Open source
This project is open source. Contributions are welcome!