Browser-Native Vulnerability Lookup via OSV.dev
Sources: 1 • Confidence: Medium • Updated: 2026-03-30 03:30
Key takeaways
- OSV.dev provides an open JSON API for its open source vulnerability database that is CORS-enabled.
- An HTML tool was built using Claude Code to look up Python dependency vulnerabilities via the OSV.dev API.
- The tool accepts a pasted pyproject.toml or requirements.txt, or a GitHub repo name containing them, and returns all vulnerabilities reported by the OSV.dev API.
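
The requirements.txt path described above, as an added example that is not the tool's own code: it parses pasted text into exact pins and builds one batch query body. It assumes the public OSV.dev v1 `querybatch` endpoint and the `PyPI` ecosystem name (this page does not say which endpoint the tool calls); the function names and sample input are constructed for illustration.

```javascript
// Added example, not the tool's code. Payload shape follows the public
// OSV.dev v1 API; that the tool uses this endpoint is an assumption.
const OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch";

// PEP 503 normalization: lowercase, runs of "-", "_", "." become "-".
const normalizeName = (name) => name.toLowerCase().replace(/[-_.]+/g, "-");

// Split requirements.txt text into exact pins and lines that cannot be
// matched to one version (ranges, bare names, option lines, URLs).
function parseRequirements(text) {
  const pinned = [], skipped = [];
  const lines = text.replace(/\\\r?\n/g, " ").split(/\r?\n/); // join continuations
  for (const raw of lines) {
    let line = raw.replace(/(^|\s)#.*$/, "").trim();           // strip comments
    if (!line) continue;
    if (line.startsWith("-") || line.includes("://")) { skipped.push(line); continue; }
    line = line.split(";")[0].split(/\s--/)[0].trim();         // markers, --hash
    const m = /^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$/.exec(line);
    const pin = m && /^===?\s*([A-Za-z0-9.!+_-]+)$/.exec(m[2]);
    if (pin) pinned.push({ name: normalizeName(m[1]), version: pin[1] });
    else skipped.push(line);
  }
  return { pinned, skipped };
}

// Build one deduplicated /v1/querybatch body for the PyPI ecosystem.
function buildOsvBatch(pinned) {
  const seen = new Set(), queries = [];
  for (const { name, version } of pinned) {
    const key = `${name}@${version}`;
    if (seen.has(key)) continue;
    seen.add(key);
    queries.push({ package: { name, ecosystem: "PyPI" }, version });
  }
  return { queries };
}

// Constructed sample input, not taken from any real project.
const SAMPLE = [
  "# constructed sample requirements.txt",
  "Flask_Login[extra]==0.6.2  # pinned, with extras",
  "requests==2.31.0 ; python_version >= '3.8'",
  "django>=3.2,<4",
  "-r base.txt",
  "flask-login==0.6.2",
].join("\n");

const parsed = parseRequirements(SAMPLE);
console.log(JSON.stringify(buildOsvBatch(parsed.pinned), null, 2));
console.log("not checked:", parsed.skipped);
// In a browser: fetch(OSV_BATCH_URL, { method: "POST", body: JSON.stringify(batch) })
```

Lines in `skipped` are the ones a pin-only lookup leaves unchecked, so a report built this way should list them rather than silently treating them as clean.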
Unknowns
- What is the tool's URL/artifact reference, and does it reliably run in a standard browser environment without additional setup?
- What OSV.dev API endpoints, package identifiers, and dependency resolution rules does the tool use for Python packages (including transitive dependencies, version pinning, and environment markers)?
- What are OSV.dev API operational constraints (rate limits, availability expectations, and any usage restrictions) relevant to interactive and automated querying?
- How does the tool handle false positives/negatives, deduplication, and vulnerability severity/context (e.g., affected ranges vs installed versions) in its output?
- Is there any demonstrated decision-readthrough (operator, product, or investor) tied to this pattern (e.g., adoption in CI, policy changes, procurement, or process changes)?