An open, precise, and distributed approach to producing and consuming vulnerability information for open source.

All advisories in this database use the OpenSSF OSV format, which was developed in collaboration with open source communities. The OSV schema provides a human and machine readable data format to describe vulnerabilities in a way that precisely maps to open source package versions or commit hashes.

An easy-to-use API is available to query for all known vulnerabilities by either a commit hash, or a package version.

Patch into Searx?