OSV MCP Server
@ptelang
MCP Server for Vulnerabilities based on OSV API
Overview
What is OSV MCP Server?
OSV MCP Server is a Python-based MCP (Model Context Protocol) server that integrates Open Source Vulnerabilities (OSV) data and tools with AI assistants or large language models (LLMs). It is designed for developers and security researchers who want to query vulnerability information through an LLM interface.
How to use OSV MCP Server?
Clone the repository, create a virtual environment with uv, install dependencies using uv sync, and start the server with uv run vulns.py. For use with Claude Desktop, add the server configuration to claude_desktop_config.json specifying the uv command and path to the project.
Key features of OSV MCP Server
- Exposes OSV vulnerability data via the MCP protocol
- Provides a
query_vulnerabilitiestool for LLM invocation - Simple Python-based setup with
uvpackage manager - Easily connectable to any MCP‑compatible AI assistant
Use cases of OSV MCP Server
- Query open source vulnerabilities using natural language through an LLM
- Integrate vulnerability lookup into AI‑driven security workflows
- Enable developers to check dependency risks via conversational interface
- Automate vulnerability research with LLM tool‑calling capabilities
FAQ from OSV MCP Server
What prerequisites are required to run OSV MCP Server?
Python 3.8+ and the uv package manager must be installed on your system.
How do I connect OSV MCP Server to Claude Desktop?
Add the server configuration to claude_desktop_config.json with the uv command, the absolute path to the project directory, and run vulns.py as arguments.
Where does the vulnerability data come from?
The server retrieves data from the OSV (Open Source Vulnerabilities) database. The README does not specify further details about data storage or caching.
What tool does the server expose to LLMs?
The server exposes a query_vulnerabilities tool that can be invoked by connected AI assistants.
Is OSV MCP Server open source and what is its license?
Yes, the source code is available and licensed under the MIT License (as indicated in the README).