OSV Schema

Open Source Vulnerability schema (OSV Schema) is currently exported by:

Together, these include vulnerabilities from:

  • AlmaLinux
  • Alpine
  • Android
  • Bitnami
  • crates.io
  • Debian GNU/Linux
  • GitHub Actions
  • Go
  • Haskell
  • Hex
  • Linux kernel
  • Maven
  • npm
  • NuGet
  • OSS-Fuzz
  • Packagist
  • Photon OS
  • Pub
  • PyPI
  • Python
  • R (CRAN and Bioconductor)
  • Rocky Linux
  • RubyGems
  • Ubuntu

These vulnerabilites are aggregated by https://osv.dev.

Reference tooling (e.g. converters) can be found in the tools/ directory

The current version of the specification is rendered here.

The OSV-Schema specification and the tools here are maintained by the Open Source Security Foundation (OpenSSF) Vulnerability Disclosures Working Group (WG).

Currently we are not meeting but join us on the slack channel #osv_schema to participate in the conversation!