Supported Ecosystems
Vulnpatch queries vulnerabilities across 38+ ecosystems via OSV.dev. This page lists all supported ecosystems.
Package Managers
| Ecosystem | Description | Example Package |
|---|---|---|
npm | Node.js packages | express |
PyPI | Python packages | requests |
Go | Go modules | github.com/gin-gonic/gin |
crates.io | Rust crates | serde |
RubyGems | Ruby gems | rails |
Maven | Java/JVM packages | org.apache.logging.log4j:log4j-core |
Packagist | PHP packages | laravel/framework |
NuGet | .NET packages | Newtonsoft.Json |
Hex | Elixir/Erlang packages | phoenix |
Pub | Dart packages | flutter |
CRAN | R packages | ggplot2 |
Hackage | Haskell packages | aeson |
SwiftURL | Swift packages | N/A |
Julia | Julia packages | Plots |
Linux Distributions
| Ecosystem | Description |
|---|---|
Debian | Debian packages |
Ubuntu | Ubuntu packages |
Alpine | Alpine Linux packages |
AlmaLinux | AlmaLinux packages |
Rocky Linux | Rocky Linux packages |
Red Hat | Red Hat Enterprise Linux |
SUSE | SUSE Linux Enterprise |
openSUSE | openSUSE packages |
Mageia | Mageia Linux packages |
openEuler | openEuler packages |
Container & Cloud Images
| Ecosystem | Description |
|---|---|
Chainguard | Chainguard container images |
Wolfi | Wolfi container images |
Bitnami | Bitnami container images |
BellSoft Hardened Containers | BellSoft Liberica containers |
Alpaquita | Alpaquita Linux images |
MinimOS | MinimOS container images |
Other Ecosystems
| Ecosystem | Description |
|---|---|
Android | Android framework vulnerabilities |
Linux | Linux kernel vulnerabilities |
GHC | Glasgow Haskell Compiler |
GitHub Actions | GitHub Actions workflows |
VSCode | VS Code extensions |
OSS-Fuzz | Vulnerabilities found by OSS-Fuzz |
GIT | Git repositories |
GSD | Global Security Database |
UVI | Ubuntu CVE Tracker |
Echo | Echo ecosystem |
Querying Specific Ecosystems
Single Ecosystem
bash
# Query npm only
curl "https://api.vulnpatch.dev/api/v1/osv/express?ecosystem=npm"All Ecosystems (Default)
bash
# Query all ecosystems
curl "https://api.vulnpatch.dev/api/v1/osv/openssl"The default behavior queries all relevant ecosystems in parallel and returns aggregated results.
Response Format
When querying without an ecosystem filter, results are grouped by ecosystem:
json
{
"success": true,
"data": {
"package": "curl",
"ecosystem": "all",
"vulnerabilities": {
"Debian": [
{ "id": "DEBIAN-CVE-2024-0853", "modified": "..." }
],
"Ubuntu": [
{ "id": "USN-6641-1", "modified": "..." }
],
"Alpine": [
{ "id": "CVE-2024-0853", "modified": "..." }
]
}
}
}Ecosystem Coverage Notes
- Native C/C++ libraries (like
curl,openssl,zlib): Use Linux distribution ecosystems (Debian, Ubuntu, Alpine) for best coverage - Language-specific packages: Use the appropriate package manager ecosystem
- Container images: Use container-specific ecosystems for image scanning
Adding New Ecosystems
OSV.dev continuously adds new ecosystems. Vulnpatch automatically supports newly added ecosystems as they become available.