A lightweight shell script that scans node / bun / deno projects to detect vulnerable npm packages using OSV and GHSA vulnerabilities database or custom source formats (JSON / CSV / PURL / SBOM / SARIF / TRIVY)

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

Autonomous “Shai-Hulud” engine that ingests malicious NPM package advisories from OSV, tracks versions and metadata, and maintains a continuously updated threat intelligence database.

A .NET library for Open Source Vulnerabilities (OSV) schema and API client.

Debian ELTS Security Advisories in OSV Format. Unofficial - not affiliated with Freexian.

Publish VMWare Photon Advisories in OSV format, automatically synced. Unofficial - not affiliated with VMWare

Simple Vulnerability Scanner: scan CycloneDX/SPDX SBOMs against OSV with JSON/HTML/SARIF reports

Skill to detect Vulnerability in your project

Parse and compare package versions and ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ , the Google Summer of Code, nexB and others generous sponsors!

A collection of packages for using GitHub security advisories in Node.js.

A CLI tool to scan dependencies for vulnerabilities and flags potentially compromised dependencies (supply chain security).

Dependency vulnerability scanner and updater made with go ❤️

🛡️ Blazing fast Supply Chain Security tool written in Rust. Features ephemeral sandboxing, hybrid analysis (CVE + Heuristics), and entropy-based malware detection.

A modern web application for tracking and monitoring open source vulnerabilities (CVE, GHSA, and more)

Testing FreeBSD VuXML to OSVF conversion repo

Multi-purpose security scanner for source code, container images. Supports OSV.dev + EPSS scoring.

Web UI for docker images vulnerability scanning powered by osv-scanner

VaptFinder is a lightweight, privacy-focused Chrome Extension designed to help developers and security enthusiasts quickly identify potential vulnerabilities in web technologies.