OSV Schema

Open Source Vulnerability schema (OSV Schema) is currently exported by:

AlmaLinux
Bitnami Vulnerability Database
Curl
GitHub Security Advisories
Global Security Database
Go Vulnerability Database
Haskell Security Advisories
LoopBack Advisory Database
Malicious Packages Repository
OSS-Fuzz
OSV.dev maintained converters (Debian, Alpine, NVD)
PyPI Advisory Database
Python Software Foundation Database
RConsortium Advisory Database
Rocky Linux
Rust Advisory Database
Ubuntu
VMWare Photon OS (unofficial)

Together, these include vulnerabilities from:

AlmaLinux
Alpine
Android
Bitnami
crates.io
Debian GNU/Linux
GitHub Actions
Go
Haskell
Hex
Linux kernel
Maven
npm
NuGet
OSS-Fuzz
Packagist
Photon OS
Pub
PyPI
Python
R (CRAN and Bioconductor)
Rocky Linux
RubyGems
Ubuntu

These vulnerabilites are aggregated by https://osv.dev.

Reference tooling (e.g. converters) can be found in the tools/ directory

The current version of the specification is rendered here.

The OSV-Schema specification and the tools here are maintained by the Open Source Security Foundation (OpenSSF) Vulnerability Disclosures Working Group (WG).

Currently we are not meeting but join us on the slack channel #osv_schema to participate in the conversation!

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

OSV Schema

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox