This is the repository for the Open Source Vulnerability schema, which is currently exported by:
- GitHub Security Advisories
- PyPI Advisory Database
- Go Vulnerability Database
- Rust Advisory Database
- Global Security Database
- OSS-Fuzz
- LoopBack Advisory Database
Together, these include vulnerabilities from:
- npm
- Maven
- Go
- NuGet
- PyPI
- RubyGems
- crates.io
- Packagist
- Linux
- OSS-Fuzz
These vulnerabilites are aggregated by https://osv.dev.
Reference tooling (e.g. converters) can be found in the tools/ directory
The current version of spec is rendered here.