osv-mcp
Verified Safe by StacklokLabs
Overview
An MCP (Model Context Protocol) server that provides access to the OSV (Open Source Vulnerabilities) database for LLM-powered applications.
Installation
./build/osv-mcp-server
Environment Variables
- MCP_PORT
- MCP_TRANSPORT
Security Notes
The server primarily acts as a proxy to the OSV API, handling input validation for network configuration (port, transport mode) and basic request parameters (commit, version, package_name, ecosystem, purl). It uses standard Go HTTP client practices with reasonable timeouts. There are no evident hardcoded secrets, 'eval' usage, or obvious command injection vulnerabilities in the provided code. The reliance on the `mark3labs/mcp-go` library's internal parsing mechanisms is an external dependency that would require separate audit, but its usage here appears correct.
Similar Servers
mcp-scanner
Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities, employing static analysis, YARA rules, Cisco AI Defense API, and LLM-based behavioral analysis.
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.