awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
google avatar

google/osv.dev

0
View on GitHub↗
2,494 Stars·283 Forks·Python·apache-2.0·1 Aufrufosv.dev↗

Osv.dev

OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records.

The project distinguishes itself through a security advisory distribution service that supports bulk dataset exports via cloud storage buckets and incremental synchronization of security record updates. It also employs sandbox-based impact analysis, using version bisections in isolated containers to determine the exact range of affected software versions.

The system provides capabilities for software dependency scanning, allowing users to identify known flaws by mapping project versions and commit hashes against the vulnerability database. It includes tools for batch package querying, library version identification, and vulnerability record validation to ensure data integrity.

The project also provides auditing utilities to identify and report ingestion failures and data integrity issues during the import process.

Features

  • Vulnerability Aggregators - Functions as a centralized aggregator that collects and normalizes security data from various open-source ecosystems.
  • Ecosystem Normalizers - Functions as a centralized system that collects and normalizes security data from diverse ecosystems into a unified format.
  • Dataset Distribution Services - Ships a cloud-based distribution service for bulk vulnerability dataset exports and incremental updates.
  • Data Normalization - Collects and normalizes security advisories from diverse open-source ecosystems and external databases into a single unified format.
  • Schema-Driven Data Normalizers - Converts diverse security advisories from multiple ecosystems into a single unified format using a standardized open source schema.
  • External Data Ingestion - Provides web endpoints to ingest vulnerability contributions and updates from external sources to maintain a real-time database.
  • Vulnerability Detail Retrievals - Fetches comprehensive information about a specific vulnerability using its unique identifier.
  • CVE Vulnerability Search Engines - Provides a searchable distributed aggregator of open-source vulnerability databases to identify risks in dependencies.
  • Dependency Vulnerability Scanners - Provides tools for identifying known security flaws in project dependencies by cross-referencing versions against a vulnerability database.
  • Dependency Vulnerability Scanning - Checks software dependencies and lockfiles against a distributed database to identify known security flaws.
  • Vulnerability Database Management - Provides systems for synchronizing and maintaining local copies of security metadata through bulk exports and incremental updates.
  • Vulnerability Databases - Provides a system for submitting vulnerability information to a database via web API to keep security data current.
  • Vulnerability Data Query Engines - Determines if a specific software version or commit is affected by a vulnerability using precise version ranges and identifiers.
  • Vulnerability Analysis Tools - Executes bisections and impact analysis tasks in sandboxed containers to determine the scope of software vulnerabilities.
  • Affected Version Bisections - Determines the exact range of affected software versions using bisection and version analysis.
  • Vulnerability Contributions - Supports the submission and validation of new vulnerability records via API to keep open source security data current.
  • Vulnerability Database APIs - Offers a programmatic web interface for querying package vulnerabilities and submitting standardized security records.
  • Vulnerability Data Aggregators - Collects and serves security information from multiple sources that follow a standardized open-source vulnerability format.
  • Vulnerability Data Synchronization - Imports security records from public repositories, web APIs, or cloud storage buckets after validating they match a specific schema.
  • Vulnerability Schema Validations - Provides validation to ensure that vulnerability data conforms to a standardized open-source schema.
  • Sandbox-Based Analysis - Runs version bisections and vulnerability tests inside isolated containers to determine the exact range of affected software versions.
  • Bulk Dataset Export - Exports bulk vulnerability datasets as compressed archives stored in public cloud buckets for high-throughput offline downloading.
  • Incremental Data Synchronization - Tracks modification dates for vulnerability records to allow clients to fetch only new or updated data since a specific point.
  • Vulnerability Datasets - Exports the complete vulnerability database or ecosystem-specific subsets as compressed archives via a public cloud bucket.
  • Vulnerability Package Queries - Allows retrieving vulnerability IDs and modification dates for a batch of packages in a single request.
  • Cross-Ecosystem Relation Mappings - Links vulnerability records to equivalent identifiers and tracks dependencies across diverse package ecosystems.
  • Package and Version Identification - Matches source code hashes of libraries to the closest upstream library and version for accurate identification.
  • Hash-Based Resolutions - Matches software source code hashes to upstream library versions to identify the exact release affected by a flaw.
  • Vulnerability Dependency Mapping - Identifies known vulnerabilities by mapping a project's list of dependencies against a distributed database of security advisories.

Star-Verlauf

Star-Verlauf für google/osv.devStar-Verlauf für google/osv.dev

KI-Suche

Entdecke weitere awesome Repositories

Beschreibe in einfachen Worten, was du brauchst — die KI bewertet tausende kuratierte Open-Source-Projekte nach Relevanz.

Start searching with AI

Open-Source-Alternativen zu Osv.dev

Ähnliche Open-Source-Projekte, sortiert nach der Anzahl der gemeinsamen Funktionen mit Osv.dev.
  • cve-search/cve-searchAvatar von cve-search

    cve-search/cve-search

    2,593Auf GitHub ansehen↗

    cve-search is a vulnerability search engine and database manager designed to index, synchronize, and query CVE and CPE security vulnerability data. It functions as a security data warehouse that imports vulnerability feeds into a local database to enable fast, keyword-based discovery of security flaws. The project provides a web-based vulnerability browser and a programmatic JSON API for retrieving records and risk scores. It utilizes full-text indexing for vulnerability descriptions and implements an identity-verified security portal using the OpenID Connect standard for user authentication.

    Pythoncommon-vulnerabilitiescpecve
    Auf GitHub ansehen↗2,593
  • dependencytrack/dependency-trackAvatar von DependencyTrack

    DependencyTrack/dependency-track

    3,612Auf GitHub ansehen↗

    Dependency-Track is a software composition analysis tool and vulnerability management system designed to track dependencies and supply chain risk. It functions as a platform for ingesting and analyzing CycloneDX software bills of materials to identify known vulnerabilities and license compliance issues within third-party software components. The system distinguishes itself by mirroring external vulnerability databases locally to enable fast offline analysis and using VEX documents to differentiate between technical vulnerabilities and actual contextual risks. It also integrates with identity

    Javaappsecbill-of-materialsbom
    Auf GitHub ansehen↗3,612
  • github/advisory-databaseAvatar von github

    github/advisory-database

    2,337Auf GitHub ansehen↗

    The advisory database is a centralized repository and intelligence platform designed to aggregate, normalize, and track security vulnerability data across diverse open source software ecosystems. It functions as a unified source of truth for security advisories, providing machine-readable records that help developers and automated tools identify and manage threats within their software supply chains. The platform distinguishes itself by utilizing a version-controlled, git-based storage model that relies on pull-request-driven workflows for community curation and verification. By enforcing a s

    Auf GitHub ansehen↗2,337
  • wpscanteam/wpscanAvatar von wpscanteam

    wpscanteam/wpscan

    9,636Auf GitHub ansehen↗

    WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress installations and other content management systems. It functions as a web application security tool that identifies misconfigurations, outdated software, and security holes in core installations, plugins, and themes. The tool employs black-box scanning techniques to perform site component enumeration, identifying users, themes, and plugins by matching known file paths and response signatures. It matches these detected components against a database of known security flaws to analyze the

    Ruby
    Auf GitHub ansehen↗9,636
Alle 30 Alternativen zu Osv.dev anzeigen→

Häufig gestellte Fragen

Was macht google/osv.dev?

OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records.

Was sind die Hauptfunktionen von google/osv.dev?

Die Hauptfunktionen von google/osv.dev sind: Vulnerability Aggregators, Ecosystem Normalizers, Dataset Distribution Services, Data Normalization, Schema-Driven Data Normalizers, External Data Ingestion, Vulnerability Detail Retrievals, CVE Vulnerability Search Engines.

Welche Open-Source-Alternativen gibt es zu google/osv.dev?

Open-Source-Alternativen zu google/osv.dev sind unter anderem: cve-search/cve-search — cve-search is a vulnerability search engine and database manager designed to index, synchronize, and query CVE and CPE… dependencytrack/dependency-track — Dependency-Track is a software composition analysis tool and vulnerability management system designed to track… github/advisory-database — The advisory database is a centralized repository and intelligence platform designed to aggregate, normalize, and… wpscanteam/wpscan — WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress… future-architect/vuls — Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating… strozfriedberg/windows-exploit-suggester — Windows-Exploit-Suggester is a security analysis tool designed to audit patch levels and identify vulnerabilities on…