`query_batch`

Pack: osv · Endpoint: https://gateway.pipeworx.io/osv/mcp

Batch vulnerability query against OSV.dev (up to 1000 entries per call) — for SBOM-style “scan every dependency in this lockfile” workflows. Pass an array of {package:{name,ecosystem}, version?} or {commit} entries. Returns the vuln IDs matched per query (use get_vulnerability for full detail per ID). Keyless.

Parameters

Name	Type	Required	Description
`queries`	array	yes	Up to 1000 query objects. Each: {package:{name,ecosystem}, version?} or {commit}.
`items`	object	no
`Each`	unknown	no
`package`	unknown	no

Example call

Arguments

{
  "queries": [
    {
      "package": {
        "name": "django",
        "ecosystem": "PyPI"
      },
      "version": "3.0.0"
    },
    {
      "package": {
        "name": "log4j-core",
        "ecosystem": "Maven"
      },
      "version": "2.14.1"
    },
    {
      "commit": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"
    }
  ]
}

curl

curl -X POST https://gateway.pipeworx.io/osv/mcp \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"query_batch","arguments":{"queries":[{"package":{"name":"django","ecosystem":"PyPI"},"version":"3.0.0"},{"package":{"name":"log4j-core","ecosystem":"Maven"},"version":"2.14.1"},{"commit":"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"}]}}}'

TypeScript (@pipeworx/sdk)

import { Pipeworx } from '@pipeworx/sdk';
const pipeworx = new Pipeworx();

const result = await pipeworx.call('query_batch', {
  "queries": [
    {
      "package": {
        "name": "django",
        "ecosystem": "PyPI"
      },
      "version": "3.0.0"
    },
    {
      "package": {
        "name": "log4j-core",
        "ecosystem": "Maven"
      },
      "version": "2.14.1"
    },
    {
      "commit": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"
    }
  ]
});

Response shape

Field	Type	Description
`results`	array	Batch query results (one per input query)

Full JSON Schema

{
  "type": "object",
  "properties": {
    "results": {
      "type": "array",
      "description": "Batch query results (one per input query)",
      "items": {
        "type": "object",
        "properties": {
          "vulns": {
            "type": "array",
            "description": "Vulnerabilities for this query",
            "items": {
              "type": "object"
            }
          }
        }
      }
    }
  }
}

Connect

Add this to your MCP client config, or use one-click install buttons:

{
  "mcpServers": {
    "osv": {
      "url": "https://gateway.pipeworx.io/osv/mcp"
    }
  }
}

See Getting Started for client-specific install steps.

query_batch