Scan npm dependencies for known CVEs (OSV + CISA KEV)
Paste a dependency list and get every known vulnerability with severity, CISA KEV flag, and fixed version — an instant SBOM risk report.
SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV)malonestar/sbom-vulnerability-rollup
Package
Ecosystem
Installed version
Severity
+6 fieldsTextNumberBooleanListObject
Input
Dependencies (direct input)
name:lodash+1
version:4.17.15+1
ecosystem:npm+1
Output fields
Package
Ecosystem
Installed version
Severity
CVSS score
KEV exploited
Fixed version (upgrade target)
Fix available
Vulnerability ID
OSV URL
Sign up on Apify01
Create your Apify account to access the SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV).
Start the run02
The Actor will start running based on the input automatically.
Receive the output03
Monitor the progress in real-time. You will be notified as soon as your dataset is complete and ready for review.
Integrate into your workflow04
The final output is delivered in JSON, CSV, or Excel format, ready to be plugged into your workflow.
