query_package_vulns
Pack: osv · Endpoint: https://gateway.pipeworx.io/osv/mcp
Find all known vulnerabilities for an open-source package, optionally at a specific version, via the OSV.dev database. Omit version to get every vuln known for the package. Returns a compact summary array (id, summary, aliases, severity, references). Keyless.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
name | string | yes | Package name, e.g. “lodash”, “django”, “log4j-core”, “serde”. |
ecosystem | string | yes | Package ecosystem. Examples: “npm”, “PyPI”, “Go”, “Maven”, “crates.io”, “RubyGems”, “NuGet”. |
version | string | no | Optional package version, e.g. “4.17.20”. If given, only vulns affecting that version are returned; if omitted, all vulns for the package are returned. |
Example call
curl -X POST https://gateway.pipeworx.io/osv/mcp \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"query_package_vulns","arguments":{}}}'Connect
Add this to your MCP client config, or use one-click install buttons:
{
"mcpServers": {
"osv": {
"url": "https://gateway.pipeworx.io/osv/mcp"
}
}
}See Getting Started for client-specific install steps.