OSV Package Vulnerability Monitor avatar

OSV Package Vulnerability Monitor

Pricing

$3.00 / 1,000 osv package vulnerability matches

Try for free
Go to Apify Store
OSV Package Vulnerability Monitor

OSV Package Vulnerability Monitor

Try for free

Monitor package vulnerability records from OSV.dev for npm, PyPI, Go, Maven, crates.io, RubyGems, and SBOM-derived package lists.

Pricing

$3.00 / 1,000 osv package vulnerability matches

Rating

0.0

(0)

Developer

Orbiscribe Labs

Orbiscribe Labs

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

4 days ago

Last modified

Categories

Developer tools

Automation

Business

Share

Monitor package watchlists against OSV.dev and get structured vulnerability records for remediation, SBOM review, and dependency-risk workflows.

This Actor is for security teams, MSPs, developer-platform teams, and software agencies that need to check public package names from lockfiles, SBOM exports, or customer inventories. It supports OSV ecosystems such as npm, PyPI, Go, Maven, crates.io, and RubyGems.

What It Does

  • Checks package names and optional versions against the public OSV API
  • Emits vulnerability IDs, CVE aliases, summaries, affected ranges, and fixed versions
  • Marks records as new, modified, or unchanged across scheduled runs
  • Produces dataset rows, high-priority exports, a buyer brief, and Slack-ready alerts
  • Works without credentials

Input

{
  "packages": [
    { "name": "lodash", "ecosystem": "npm" },
    { "name": "django", "ecosystem": "PyPI" },
    { "name": "org.apache.logging.log4j:log4j-core", "ecosystem": "Maven" }
  ],
  "maxVulnerabilitiesPerPackage": 5,
  "compareToPreviousRun": true,
  "dryRun": false
}

Output

Each row includes package, ecosystem, optional version, OSV ID, aliases, priority, summary, affected ranges, fixed versions, references, source URL, and change state.

{
  "recordType": "osv_package_vulnerability_match",
  "packageName": "lodash",
  "ecosystem": "npm",
  "vulnerabilityId": "GHSA-29mw-wpgm-hmr9",
  "aliases": ["CVE-2020-28500"],
  "changeType": "new_vulnerability",
  "priority": "high",
  "fixedVersions": ["4.17.21"],
  "sourceUrl": "https://osv.dev/vulnerability/GHSA-29mw-wpgm-hmr9"
}

Why Use This

Generic CVE feeds are awkward when the input you actually have is a package list. This Actor uses package-first OSV lookups and returns fixed-version hints that are easier to route into dependency remediation workflows.

Pricing

Recommended Apify pricing is pay per event:

  • osv-vulnerability-match: $0.003 per emitted vulnerability record
  • Dry runs are free
  • Free-plan users get the first 25 live records without this Actor's custom event charge

Compliance Notes

This Actor uses public OSV.dev data. Results should be verified against your lockfiles, SBOMs, deployed versions, vendor advisories, and internal remediation policy.

You might also like

OSV Open Source Vulnerabilities Scraper avatar

OSV Open Source Vulnerabilities Scraper

parseforge/osv-vulnerabilities-scraper

Query the OSV.dev open-source vulnerabilities database. Search by package (PyPI/npm/Go/Maven/RubyGems/crates.io/NuGet/Packagist), commit hash, or fetch a specific vulnerability by ID. Returns affected ranges, CVE aliases, severity, and references.

User avatar

ParseForge

2

OSV.dev Vulnerabilities Scraper avatar

OSV.dev Vulnerabilities Scraper

crawlerbros/osv-vulnerabilities-scraper

Scrape OSV.dev, Google's open vulnerability database covering NPM, PyPI, Go, Maven, NuGet, Cargo, RubyGems, GitHub Actions, OS distros, and more. Look up vulnerabilities by package, fetch a specific OSV/GHSA/CVE record, or batch-query an entire dependency tree.

User avatar

Crawler Bros

2

5.0

🛡️ PyPI Vulnerability Scraper avatar

🛡️ PyPI Vulnerability Scraper

taroyamada/pypi-package-intelligence

Extract Python package metadata from PyPI and enrich it with OSV database alerts. Monitor dependencies for new version releases and critical CVE identifiers.

User avatar

太郎 山田

2

PP

PyPI Package Dependency Intelligence

taroyamada/pypi-package-dependency-intelligence

Extract Python package dependency declarations, release cadence, maintainer hints, download stats, and OSV vulnerability summaries from the official PyPI JSON API.

User avatar

太郎 山田

2

CP

Crates.io Package Scraper

cloud9_ai/cratesio-scraper

Search and extract Rust package data from Crates.io. Get download stats, versions, dependencies, and metadata. No API key required.

User avatar

cloud9

2

PP

Pypi Package Scraper

openclawmara/pypi-package-scraper

Scrape PyPI the Python Package Index. Extract package metadata, download statistics, version history, dependencies, and maintainer info. Track new releases and popularity trends. Perfect for Python ecosystem analysis and package research.

User avatar

OpenClaw Mara

2

NPM Vulnerability Checker avatar

NPM Vulnerability Checker

automation-lab/npm-vulnerability-checker

Check npm packages for known vulnerabilities via OSV.dev API. Input package names with optional versions — get CVE IDs, severity (CRITICAL/HIGH/MEDIUM/LOW), affected ranges, and fix versions. No proxy needed.

User avatar

Stas Persiianenko

2

npm Package Scraper avatar

npm Package Scraper

plantane/npm-scraper

Scrape npm package data — search packages or get detailed info including versions, maintainers, and download stats.

User avatar

Daniel

2

NP

npm Package Dependency Intelligence

taroyamada/npm-package-dependency-intelligence

Analyze npm package metadata, versions, dependencies, maintainer hints, release cadence, and package risk signals using the official npm registry API.

User avatar

太郎 山田

2

NP

NPM Package Scraper

glassventures/npm-package-scraper

Scrape NPM package data. Extract name, version, downloads, dependencies, maintainers, and more. Export to JSON, CSV, Excel.

User avatar

Glass Ventures

2