OSV Details

Get detailed information about a specific vulnerability from OSV.dev.

Endpoint

GET /api/v1/osv-details/:id

Path Parameters

Parameter	Type	Required	Description
`id`	string	Yes	OSV vulnerability identifier

Response

json

{
  "success": true,
  "data": {
    "id": "GHSA-rv95-896h-c2vc",
    "modified": "2024-01-10T12:00:00Z",
    "published": "2024-01-08T00:00:00Z",
    "summary": "Express allows untrusted input to be included in redirects",
    "details": "Express versions 4.x before 4.18.3 and 5.x before 5.0.0-beta.3 are vulnerable to...",
    "severity": [
      {
        "type": "CVSS_V3",
        "score": "7.5"
      }
    ],
    "affected": [
      {
        "package": {
          "ecosystem": "npm",
          "name": "express"
        },
        "ranges": [
          {
            "type": "SEMVER",
            "events": [
              { "introduced": "0" },
              { "fixed": "4.18.3" }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "type": "ADVISORY",
        "url": "https://github.com/advisories/GHSA-rv95-896h-c2vc"
      },
      {
        "type": "WEB",
        "url": "https://expressjs.com/en/changelog/4x.html"
      }
    ],
    "database_specific": {
      "cwe_ids": ["CWE-601"],
      "severity": "HIGH",
      "github_reviewed": true
    }
  },
  "timestamp": "2024-01-15T12:00:00.000Z"
}

Response Fields

Root Object

Field	Type	Description
`id`	string	OSV vulnerability identifier
`modified`	string	Last modification timestamp
`published`	string	Publication timestamp
`summary`	string	Brief vulnerability description
`details`	string	Full vulnerability description
`severity`	array	CVSS scores
`affected`	array	Affected packages and versions
`references`	array	External links
`database_specific`	object	Source-specific metadata

Affected Object

Field	Type	Description
`package.ecosystem`	string	Ecosystem (e.g., `npm`, `PyPI`)
`package.name`	string	Package name
`ranges`	array	Version ranges

Range Object

Field	Type	Description
`type`	string	Range type: `SEMVER`, `GIT`, `ECOSYSTEM`
`events`	array	Version events (`introduced`, `fixed`, `last_affected`)

Examples

Get GitHub Advisory Details

bash

curl "https://api.vulnpatch.dev/api/v1/osv-details/GHSA-rv95-896h-c2vc"

Get Debian Advisory Details

bash

curl "https://api.vulnpatch.dev/api/v1/osv-details/DEBIAN-CVE-2024-0853"

Get CVE Details

bash

curl "https://api.vulnpatch.dev/api/v1/osv-details/CVE-2024-0853"

Code Examples

JavaScriptPython

javascript

async function getVulnDetails(vulnId) {
  const response = await fetch(
    `https://api.vulnpatch.dev/api/v1/osv-details/${vulnId}`
  );
  const { data } = await response.json();

  console.log(`ID: ${data.id}`);
  console.log(`Summary: ${data.summary}`);
  console.log();
  console.log('Affected packages:');

  for (const affected of data.affected) {
    const pkg = affected.package;
    console.log(`- ${pkg.ecosystem}/${pkg.name}`);

    for (const range of affected.ranges || []) {
      const introduced = range.events.find(e => e.introduced)?.introduced;
      const fixed = range.events.find(e => e.fixed)?.fixed;
      if (introduced && fixed) {
        console.log(`  Versions ${introduced} to ${fixed}`);
      }
    }
  }
}

python

import requests

def get_vuln_details(vuln_id):
    response = requests.get(
        f'https://api.vulnpatch.dev/api/v1/osv-details/{vuln_id}'
    )
    data = response.json()['data']

    print(f"ID: {data['id']}")
    print(f"Summary: {data['summary']}")
    print()
    print('Affected packages:')

    for affected in data['affected']:
        pkg = affected['package']
        print(f"- {pkg['ecosystem']}/{pkg['name']}")

        for range_obj in affected.get('ranges', []):
            events = {e.get('introduced') or e.get('fixed'): e
                      for e in range_obj['events']}
            introduced = next((e.get('introduced') for e in range_obj['events']
                               if 'introduced' in e), None)
            fixed = next((e.get('fixed') for e in range_obj['events']
                          if 'fixed' in e), None)
            if introduced and fixed:
                print(f"  Versions {introduced} to {fixed}")

ID Formats

OSV supports multiple vulnerability ID formats:

Format	Example	Source
GHSA	`GHSA-rv95-896h-c2vc`	GitHub Advisories
CVE	`CVE-2024-0853`	CVE Database
DEBIAN	`DEBIAN-CVE-2024-0853`	Debian Security
USN	`USN-6641-1`	Ubuntu Security
PYSEC	`PYSEC-2024-1`	Python Security
RUSTSEC	`RUSTSEC-2024-0001`	Rust Security

Errors

Vulnerability Not Found

json

{
  "success": false,
  "error": "Vulnerability 'GHSA-xxxx-xxxx-xxxx' not found"
}

Invalid ID Format

json

{
  "success": false,
  "error": "Invalid vulnerability ID format"
}

Caching

This endpoint is cached for 1 hour. The X-Cache header indicates cache status.

OSV Details ​

Endpoint ​

Path Parameters ​

Response ​

Response Fields ​

Root Object ​

Affected Object ​

Range Object ​

Examples ​

Get GitHub Advisory Details ​

Get Debian Advisory Details ​

Get CVE Details ​

Code Examples ​

ID Formats ​

Errors ​

Vulnerability Not Found ​

Invalid ID Format ​

Caching ​

OSV Details

Endpoint

Path Parameters

Response

Response Fields

Root Object

Affected Object

Range Object

Examples

Get GitHub Advisory Details

Get Debian Advisory Details

Get CVE Details

Code Examples

ID Formats

Errors

Vulnerability Not Found

Invalid ID Format

Caching