This is the repository for the Open Source Vulnerability schema, which is currently exported by:
- GitHub Security Advisories
- PyPI Advisory Database
- Go Vulnerability Database
- Rust Advisory Database
- Global Security Database
- OSS-Fuzz
- LoopBack Advisory Database
- Rocky Linux
- AlmaLinux
- Haskell Security Advisories
- Bitnami Vulnerability Database
- OSV.dev maintained converters
- VMWare Photon OS (unofficial)
- RConsortium Advisory Database
Together, these include vulnerabilities from:
- AlmaLinux
- Alpine
- Android
- Bitnami
- crates.io
- Debian GNU/Linux
- GitHub Actions
- Go
- Haskell
- Hex
- Linux kernel
- Maven
- npm
- NuGet
- OSS-Fuzz
- Packagist
- Photon OS
- Pub
- PyPI
- R (CRAN and Bioconductor)
- Rocky Linux
- RubyGems
These vulnerabilites are aggregated by https://osv.dev.
Reference tooling (e.g. converters) can be found in the tools/ directory
The current version of spec is rendered here.