POST /v1/query
Lists vulnerabilities for given package and version. May also be queried by commit hash.
To query multiple packages at once, see further information here.
Table of contents
Parameters
Parameter | Type | Description |
---|---|---|
commit | string | The commit hash to query for. If specified, version should not be set. |
version | string | The version string to query for. A fuzzy match is done against upstream versions. If specified, commit should not be set. |
package | object | The package to query against. When a commit hash is given, this is optional. |
Package Objects can be described by package name AND ecosystem OR by the package URL.
Attribute | Type | Description |
---|---|---|
name | string | Name of the package. Should match the name used in the package ecosystem (e.g. the npm package name). For C/C++ projects integrated in OSS-Fuzz, this is the name used for the integration. If using name to specify the package, ecosystem must also be used and purl should not be set. |
ecosystem | string | The ecosystem for this package. For the complete list of valid ecosystem names, see here. Must be included if identifying the package by name . If specifying by name and ecosystem , purl should not be set. |
purl | string | The package URL for this package. If purl is used to specify the package, name and ecosystem should not be set. |
Payload
{
"commit": "string",
"version": "string",
"package": {
"name": "string",
"ecosystem": "string",
"purl": "string"
}
}
Request samples
curl -d \
'{"commit": "6879efc2c1596d11a6a6ad296f80063b558d5e0f"}' \
"https://api.osv.dev/v1/query"
curl -d \
'{"package": {"name": "mruby"}, "version": "2.1.2rc"}' \
"https://api.osv.dev/v1/query"
Sample 200 response
{
"vulns": [
{
"id": "OSV-2020-744",
"summary": "Heap-double-free in mrb_default_allocf",
"details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801\n\n```\nCrash type: Heap-double-free\nCrash state:\nmrb_default_allocf\nmrb_free\nobj_free\n```\n",
"modified": "2022-04-13T03:04:39.780694Z",
"published": "2020-07-04T00:00:01.948828Z",
"references": [
{
"type": "REPORT",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801"
}
],
"affected": [
{
"package": {
"name": "mruby",
"ecosystem": "OSS-Fuzz",
"purl": "pkg:generic/mruby"
},
"ranges": [
{
"type": "GIT",
"repo": "https://github.com/mruby/mruby",
"events": [
{
"introduced": "9cdf439db52b66447b4e37c61179d54fad6c8f33"
},
{
"fixed": "97319697c8f9f6ff27b32589947e1918e3015503"
}
]
}
],
"versions": [
"2.1.2",
"2.1.2-rc",
"2.1.2-rc2"
],
"ecosystem_specific": {
"severity": "HIGH"
},
"database_specific": {
"source": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml"
}
}
],
"schema_version": "1.4.0"
}
]
}