Pricing

from $30.00 / 1,000 advisories

Dependency Advisory Monitor — OSV & GitHub Security

Scan npm, PyPI, Maven, Go & more dependencies for known vulnerabilities via OSV.dev and the GitHub Advisory Database. CI/CD-ready, no login.

Pricing

from $30.00 / 1,000 advisories

Rating

0.0

(0)

Developer

NexGenData

Actor stats

Bookmarked

Total users

Monthly active users

2 days ago

Last modified

📦 Dependency Advisory Monitor · OSV & GitHub Security

Scan your dependencies for known vulnerabilities across npm, PyPI, Maven, Go, crates.io and more — from the open-source OSV.dev database (which aggregates the GitHub Advisory DB and others). Built for devs and security teams wiring vuln-checks into CI/CD.

⚡ What you get

Field	Description
`package` / `ecosystem`	The dependency queried
`advisoryId`	OSV / GHSA advisory ID
`severity`	CVSS vector/score where available
`cveIds`	Cross-referenced CVE IDs
`summary`	Advisory summary
`affected`	Introduced/fixed version events
`references`	Source links

🎯 Use cases

CI/CD dependency security gates
Security teams auditing a software bill of materials (SBOM)
Engineering leads tracking advisories for owned packages
Vendor risk / supply-chain monitoring

🚀 Sample inputs

{ "packages": ["npm:lodash","pypi:django","maven:org.apache.logging.log4j:log4j-core"] }

{ "packages": ["go:golang.org/x/net"], "maxPerPackage": 10 }

📦 Sample output

{ "package": "lodash", "ecosystem": "npm", "advisoryId": "GHSA-jf85-cpcp-j695", "severity": "CVSS:3.1/...", "cveIds": ["CVE-2019-10744"], "summary": "Prototype Pollution in lodash", "affected": [{"introduced":"0"},{"fixed":"4.17.12"}] }

📊 Sample Output

Sample output

🛠 How it works

Source — OSV.dev /v1/query (official, no login), aggregating GitHub Advisory DB + ecosystem sources.
Normalize — maps ecosystem aliases (pip→PyPI, cargo→crates.io, …).
Enrich — pulls severity, CVE aliases, and affected version ranges.
Schema — one row per advisory.
Fallback — bad/unknown packages are logged and skipped.

💰 Pricing Example

Pay-per-event: $0.005 per run + $0.03 per advisory (advisory-record).

Advisories	Cost
100	~$3.00
500	~$15.01
2,000	~$60.01
Apify's $5 free credit covers ~166 advisories. Start free →

⚖️ Legal & data sources

Data from OSV.dev (open-source vulnerability database, openly licensed) which aggregates the GitHub Advisory Database and ecosystem advisories. Identified User-Agent; official public API.

❓ FAQ

Which ecosystems? npm, PyPI, Maven, Go, crates.io, RubyGems, NuGet, Packagist, and more. Do I need an API key? No. Maven format? maven:groupId:artifactId. Version-specific? Package-level today; version filtering on the roadmap. Fresh? Live from OSV at run time. CVE mapping? Yes — cveIds.

🆘 Troubleshooting

0 advisories — the package may have none, or the ecosystem alias is wrong (use npm/pypi/maven/go/...).
Unknown ecosystem — check spelling; see supported list above.
Maven returns nothing — use the full groupId:artifactId.
Too many — set maxPerPackage.

🏷️ About NexGenData

Structured public-data tools for analysts, developers, and operators. thenextgennexus.com.

OSV & GitHub Security Scraper

taroyamada/oss-vulnerability-monitor

Scrape GitHub Security Advisories and OSV databases to extract CVSS v3.1 base scores, fixed version tags, and patching details for your tech stack.

naoki anzai

PyPI Packages Scraper

parseforge/pypi-packages-scraper

Pull Python package data from PyPI. Returns name, version, summary, description, classifiers, license, author, project URLs (homepage, source, issues, docs), Python version requirement, dependencies, release history, last upload, and total release count. Direct lookup by package name.

ParseForge

GitHub Release & Tag Scraper

taroyamada/github-release-monitor

Automate your dependency tracking by monitoring GitHub repositories for new releases, extracting version bumps and changelog summaries.

naoki anzai

Docs & Changelog Drift Scraper

taroyamada/docs-changelog-drift-monitor

Track developer portals and software release notes to feed accurate, structured update data into your RAG pipelines and LLM models.

naoki anzai

🔍 Subdomain Finder & CT Log Scraper

taroyamada/subdomain-finder

Map website architectures by extracting subdomains from public Certificate Transparency logs to find unlinked staging sites.

naoki anzai

🌐 DNS Propagation Checker

taroyamada/dns-propagation-checker

Query up to 200 domains across 8 global resolvers to extract A, NS, and SOA records and audit worldwide nameserver propagation instantly.

naoki anzai

🧼 Scraped Data CSV Cleaner

taroyamada/csv-data-cleaner

Polish raw outputs from Google Maps and Instagram profile scrapers. Merge duplicate contacts, clear empty spreadsheet rows, and sort email lists automatically.

naoki anzai

Tech Events & CFP Calendar Scraper

taroyamada/tech-events-intelligence

Extract upcoming developer conferences, local meetups, and open Call for Papers (CFP) deadlines to build a comprehensive speaking schedule for your DevRel team.

naoki anzai

NPM & PyPI CVE Monitor

conceivable_extension/npm-cve-monitor

Checks npm and PyPI packages against the OSV vulnerability database and npm registry. Detects CVEs, suspicious maintainer patterns, and supply chain risks. Paste your package.json or requirements.txt. £0.001 per package checked.

joseph fadero

OSV.dev Vulnerabilities Scraper

crawlerbros/osv-vulnerabilities-scraper

Scrape OSV.dev, Google's open vulnerability database covering NPM, PyPI, Go, Maven, NuGet, Cargo, RubyGems, GitHub Actions, OS distros, and more. Look up vulnerabilities by package, fetch a specific OSV/GHSA/CVE record, or batch-query an entire dependency tree.