Scan npm dependencies for known CVEs (OSV + CISA KEV)

Paste a dependency list and get every known vulnerability with severity, CISA KEV flag, and fixed version — an instant SBOM risk report.

Try for free
SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV)
SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV)malonestar/sbom-vulnerability-rollup
Package
Ecosystem
Installed version
Severity
+6 fields
Text
Number
Boolean
List
Object

Input

Dependencies (direct input)
name:lodash+1
version:4.17.15+1
ecosystem:npm+1

Output fields

Package
Ecosystem
Installed version
Severity
CVSS score
KEV exploited
Fixed version (upgrade target)
Fix available
Vulnerability ID
OSV URL

How it works

Sign up on Apify01

Create your Apify account to access the SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV).

Start the run02

The Actor will start running based on the input automatically.

Receive the output03

Monitor the progress in real-time. You will be notified as soon as your dataset is complete and ready for review.

Integrate into your workflow04

The final output is delivered in JSON, CSV, or Excel format, ready to be plugged into your workflow.

Image

Integrate Actor directly into your workflow

Choose from one of 100+ integration options we provide or integrate via API

Webhook

Webhook

n8n

n8n

Make

Make

Zapier

Zapier

Airbyte

Airbyte

Keboola

Keboola

IFTTT

IFTTT

Hubspot

Hubspot

GDrive

GDrive

Gmail

Gmail

Apify MCP

Apify MCP

GitHub

GitHub

Slack

Slack

LangChain

LangChain

LlamaIndex

LlamaIndex

Flowise

Flowise

Pinecone

Pinecone

OpenAI

OpenAI

Mastra

Mastra

Clay

Clay