OSV FAQs

Question 1

How do I find all CVEs associated with a particular package?

Accepted Answer

Use the 'query_package_cve' tool. Provide the package name (and optionally the version and ecosystem) to retrieve a list of associated CVE IDs.

Question 2

What can I do with OSV MCP Server?

Accepted Answer

You can find CVE IDs for specific packages, identify affected package versions for a CVE, pinpoint package versions that resolve a CVE, and retrieve a list of currently supported ecosystems.

Question 3

What is OSV MCP Server?

Accepted Answer

It's a lightweight Model Context Protocol (MCP) server that allows you to query the OSV database for vulnerability information related to software packages and CVEs.

Question 4

Is OSV MCP Server compatible with my IDE or coding assistant?

Accepted Answer

The server is tested and confirmed to work with Cursor and Claude. You can easily integrate it following the provided installation guide.

Question 5

What are the prerequisites for using OSV MCP Server?

Accepted Answer

You need Python 3.11 or higher and uv (a fast Python package installer). Refer to the installation instructions for detailed steps.

OSV

About

Key Features

Use Cases