OSV Schema

This is the repository for the Open Source Vulnerability schema (OSV Schema), which is currently exported by:

OSS-Fuzz
OSV.dev maintained converters (Debian, Alpine, NVD)
PyPI Advisory Database
Python Software Foundation Database
RConsortium Advisory Database
Rocky Linux
Rust Advisory Database
Ubuntu
VMWare Photon OS

Together, these include vulnerabilities from:

AlmaLinux
Alpine
Android
Bitnami
crates.io
Debian GNU/Linux
GitHub Actions
Go
Haskell
Hex
Linux kernel
Maven

npm
NuGet
OSS-Fuzz
Packagist
Photon OS
Pub
PyPI
Python
R (CRAN and Bioconductor)
Rocky Linux
RubyGems
Ubuntu

These vulnerabilites are aggregated by https://osv.dev.

Reference tooling (e.g. converters) can be found in the tools/ directory

The current version of the specification is rendered here.

The OSV-Schema specification and the tools here are maintained by the Open Source Security Foundation (OpenSSF) Vulnerability Disclosures Working Group (WG).

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

OSV Schema

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

OSV Schema

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox