
URL: https://apify.com/orbiscribe/osv-package-vulnerability-monitor

OSV Package Vulnerability Monitor · Apify


Pricing

$3.00 / 1,000 osv package vulnerability matches


OSV Package Vulnerability Monitor

Monitor package vulnerability records from OSV.dev for npm, PyPI, Go, Maven, crates.io, RubyGems, and SBOM-derived package lists.


Developer: Orbiscribe Labs

Maintained by Community


Last modified: a month ago


Monitor package watchlists against OSV.dev and get structured vulnerability records for remediation, SBOM review, and dependency-risk workflows.

This Actor is for security teams, MSPs, developer-platform teams, and software agencies that need to check public package names from lockfiles, SBOM exports, or customer inventories. It supports OSV ecosystems such as npm, PyPI, Go, Maven, crates.io, and RubyGems.

What It Does

  • Checks package names and optional versions against the public OSV API
  • Emits vulnerability IDs, CVE aliases, summaries, affected ranges, and fixed versions
  • Marks records as new, modified, or unchanged across scheduled runs
  • Produces dataset rows, high-priority exports, a buyer brief, and Slack-ready alerts
  • Works without credentials

Input

{
  "packages": [
    {"name": "lodash", "ecosystem": "npm"},
    {"name": "django", "ecosystem": "PyPI"},
    {"name": "org.apache.logging.log4j:log4j-core", "ecosystem": "Maven"}
  ],
  "maxVulnerabilitiesPerPackage": 5,
  "compareToPreviousRun": true,
  "dryRun": false
}

Output

Each row includes package, ecosystem, optional version, OSV ID, aliases, priority, summary, affected ranges, fixed versions, references, source URL, and change state.

{
  "recordType": "osv_package_vulnerability_match",
  "packageName": "lodash",
  "ecosystem": "npm",
  "vulnerabilityId": "GHSA-29mw-wpgm-hmr9",
  "aliases": ["CVE-2020-28500"],
  "changeType": "new_vulnerability",
  "priority": "high",
  "fixedVersions": ["4.17.21"],
  "sourceUrl": "https://osv.dev/vulnerability/GHSA-29mw-wpgm-hmr9"
}
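
How a row of this shape can be derived from an OSV query response and compared with a previous run, as an added example that is not the Actor's own code. It assumes the OSV `/v1/query` response layout and change detection by the record's `modified` timestamp; the sample response is constructed, and the function names and the `modified_vulnerability` and `unchanged` labels are assumptions (only `new_vulnerability` appears on this page).

```python
import json

# Constructed sample shaped like the body of a POST https://api.osv.dev/v1/query
# response for {"package": {"name": "lodash", "ecosystem": "npm"}}; the summary
# and "modified" timestamp are made up for this example.
SAMPLE_RESPONSE = json.loads("""
{"vulns": [{
  "id": "GHSA-29mw-wpgm-hmr9",
  "aliases": ["CVE-2020-28500"],
  "summary": "constructed summary text",
  "modified": "2024-01-01T00:00:00Z",
  "affected": [{
    "package": {"name": "lodash", "ecosystem": "npm"},
    "ranges": [{"type": "SEMVER",
                "events": [{"introduced": "0"}, {"fixed": "4.17.21"}]}]
  }]
}]}
""")

def fixed_versions(vuln, name, ecosystem):
    """Collect 'fixed' events from ranges that belong to the queried package."""
    found = []
    for affected in vuln.get("affected", []):
        pkg = affected.get("package", {})
        if pkg.get("name") != name or pkg.get("ecosystem") != ecosystem:
            continue  # one OSV record can cover several packages
        for rng in affected.get("ranges", []):
            found += [e["fixed"] for e in rng.get("events", []) if "fixed" in e]
    return list(dict.fromkeys(found))  # de-duplicate, keep record order

def to_rows(response, name, ecosystem, previous):
    """previous: {vulnerability id: 'modified' timestamp} saved by the last run."""
    rows = []
    for vuln in response.get("vulns", []):  # key is absent when nothing matches
        seen = previous.get(vuln["id"])
        if seen is None:
            change = "new_vulnerability"       # label shown on this page
        elif seen != vuln.get("modified"):
            change = "modified_vulnerability"  # assumed label
        else:
            change = "unchanged"               # assumed label
        rows.append({
            "packageName": name, "ecosystem": ecosystem,
            "vulnerabilityId": vuln["id"], "aliases": vuln.get("aliases", []),
            "changeType": change,
            "fixedVersions": fixed_versions(vuln, name, ecosystem),
            "sourceUrl": "https://osv.dev/vulnerability/" + vuln["id"],
        })
    return rows
```

Filtering `affected` entries by package name and ecosystem matters because a single advisory can list fixed versions for other packages, which would otherwise be routed to the wrong remediation ticket.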

Why Use This

Generic CVE feeds are awkward when the input you actually have is a package list. This Actor uses package-first OSV lookups and returns fixed-version hints that are easier to route into dependency remediation workflows.

Pricing

Recommended Apify pricing is pay per event:

  • osv-vulnerability-match: $0.003 per emitted vulnerability record
  • Dry runs are free
  • Free-plan users get the first 25 live records without this Actor's custom event charge

Compliance Notes

This Actor uses public OSV.dev data. Results should be verified against your lockfiles, SBOMs, deployed versions, vendor advisories, and internal remediation policy.
