This is the repository for the Open Source Vulnerability schema, which is currently exported by:
- GitHub Security Advisories
- PyPI Advisory Database
- Go Vulnerability Database
- Rust Advisory Database
- Global Security Database
- OSS-Fuzz
- LoopBack Advisory Database
Together, these include vulnerabilities from:
- Android
- crates.io
- Debian GNU/Linux
- GitHub Actions
- Go
- Hex
- Linux kernel
- Maven
- npm
- NuGet
- OSS-Fuzz
- Packagist
- Pub
- PyPI
- RubyGems
These vulnerabilites are aggregated by https://osv.dev.
Reference tooling (e.g. converters) can be found in the tools/ directory
The current version of spec is rendered here.