Developer
Package vulnerabilities (OSV, severity-sorted) API
Query OSV.dev for a package (npm, PyPI, Go, crates.io, Maven, etc.) and return every advisory normalized into one clean schema — id, CVE/GHSA aliases, severity label, CVSS vector, summary, fixed-in versions, references — sorted worst-first. Answers 'known vulnerabilities in this package', 'CVEs for lodash 4.17.15', 'what version fixes this advisory', 'GHSA advisories for this dependency'.
Price$0.01per request
MethodPOST
Route/v1/dev/package-vulns
StatusLive
MIME typeapplication/json
Rate limit60/minute
Cache3600s public
devpackage-vulnsosvcveghsaadvisoryvulnerabilitiesdependency
API URL
Integration docshttps://x402.hexl.dev/v1/dev/package-vulnsExample request
{
"ecosystem": "npm",
"package": "lodash",
"version": "4.17.15"
}Example response
{
"package": "lodash",
"ecosystem": "npm",
"version": "4.17.15",
"total": 1,
"severityCounts": {
"CRITICAL": 0,
"HIGH": 1,
"MODERATE": 0,
"LOW": 0,
"UNKNOWN": 0
},
"highestSeverity": "HIGH",
"vulnerabilities": [
{
"id": "GHSA-p6mc-m468-83gw",
"severity": "HIGH",
"cvssVector": null,
"cveIds": [
"CVE-2020-8203"
],
"ghsaIds": [
"GHSA-p6mc-m468-83gw"
],
"summary": "Prototype Pollution in lodash",
"fixedIn": [
"4.17.19"
],
"published": "2020-07-15T00:00:00Z",
"references": [
"https://github.com/lodash/lodash/issues/4744"
]
}
]
}Input schema
{
"type": "object",
"required": [
"ecosystem",
"package"
],
"properties": {
"ecosystem": {
"type": "string",
"examples": [
"npm",
"PyPI",
"Go"
]
},
"package": {
"type": "string",
"examples": [
"lodash"
]
},
"version": {
"type": "string",
"examples": [
"4.17.15"
]
}
}
}Output schema
{
"type": "object",
"additionalProperties": true
}