Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ossf/osv-schema

Open Source Vulnerability schema.
https://github.com/ossf/osv-schema

Last synced: 3 days ago
JSON representation

Open Source Vulnerability schema.

Host: GitHub
URL: https://github.com/ossf/osv-schema
Owner: ossf
License: apache-2.0
Created: 2021-07-26T21:55:15.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2024-11-27T23:49:33.000Z (16 days ago)
Last Synced: 2024-11-28T00:28:25.727Z (16 days ago)
Language: Python
Homepage: https://ossf.github.io/osv-schema/
Size: 594 KB
Stars: 187
Watchers: 30
Forks: 84
Open Issues: 37
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

        # Open Source Vulnerability Schema

This is the repository for the Open Source Vulnerability schema (OSV Schema), which is currently exported by:

- [AlmaLinux](https://github.com/AlmaLinux/osv-database)

- [Bitnami Vulnerability Database](https://github.com/bitnami/vulndb)

- [Chainguard](https://packages.cgr.dev/chainguard/osv/all.json)

- [Curl](https://curl.se/docs/vuln.json)

- [GitHub Security Advisories](https://github.com/github/advisory-database)

- [Global Security Database](https://github.com/cloudsecurityalliance/gsd-database)

- [Go Vulnerability Database](https://github.com/golang/vulndb)

- [Haskell Security Advisories](https://github.com/haskell/security-advisories)

- [LoopBack Advisory Database](https://github.com/loopbackio/security/tree/main/advisories)

- [Malicious Packages Repository](https://github.com/ossf/malicious-packages)

- [Mageia Advisories](https://advisories.mageia.org/)

- [OSS-Fuzz](https://github.com/google/oss-fuzz-vulns)

- [OSV.dev maintained converters](https://github.com/google/osv.dev#current-data-sources) (Debian, Alpine, NVD)

- [PyPI Advisory Database](https://github.com/pypa/advisory-database)

- [Python Software Foundation Database](https://github.com/psf/advisory-database)

- [RConsortium Advisory Database](https://github.com/RConsortium/r-advisory-database)

- [Red Hat](https://security.access.redhat.com/data)

- [Rocky Linux](https://distro-tools.rocky.page/apollo/openapi/#osv)

- [Rust Advisory Database](https://github.com/RustSec/advisory-db)

- [SUSE](https://www.suse.com/support/security/)

- [Ubuntu](https://github.com/canonical/ubuntu-security-notices/)

- [VMWare Photon OS](https://github.com/vmware/photon/wiki/Security-Advisories) (unofficial)

Together, these include vulnerabilities from:

-   AlmaLinux

-   Alpine

-   Android

-   Bitnami

-   Chainguard

-   crates.io

-   Debian GNU/Linux

-   GitHub Actions

-   Go

-   Haskell

-   Hex

-   Linux kernel

-   Mageia

-   Maven

-   npm

-   NuGet

-   openSUSE

-   OSS-Fuzz

-   Packagist

-   Photon OS

-   Pub

-   PyPI

-   Python

-   R (CRAN and Bioconductor)

-   Red Hat

-   SUSE

-   Rocky Linux

-   RubyGems

-   Ubuntu

These vulnerabilities are aggregated by .

Join the discussion in the [OpenSSF Slack](https://slack.openssf.org/) channel [#osv_schema](https://openssf.slack.com/archives/C03K6SZBH2S)

Reference tooling (e.g. converters) can be found in the [tools/](tools) directory

The current version of the specification is rendered [here](https://ossf.github.io/osv-schema/).

The OSV-Schema specification and the tools here are maintained by the [Open Source Security Foundation (OpenSSF)](https://openssf.org/) [Vulnerability Disclosures Working Group (WG)](https://github.com/ossf/wg-vulnerability-disclosures).