osv-mcp
Verified Safeby StacklokLabs
Overview
An MCP (Model Context Protocol) server that provides access to the OSV (Open Source Vulnerabilities) database for LLM-powered applications.
Installation
task build && ./build/osv-mcp-serverEnvironment Variables
- MCP_PORT
- MCP_TRANSPORT
Security Notes
The server uses standard Go HTTP client practices with appropriate timeouts when interacting with the external OSV API. It includes input validation for its MCP tools, preventing obvious injection vectors for package names, versions, or IDs. Configuration through environment variables is handled with type conversion and range checks. No direct 'eval' or arbitrary code execution from user input is apparent in the provided source code. The project has documented security policies for responsible disclosure, indicating a proactive stance on security. Primary external risks are tied to the reliability and security of the OSV API itself and the underlying `mark3labs/mcp-go` library.
Similar Servers
mcp-scanner
A Python tool for scanning MCP (Model Context Protocol) servers and tools for potential security findings, combining Cisco AI Defense inspect API, YARA rules, and LLM-as-a-judge to detect malicious MCP tools.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
ocireg-mcp
An MCP server that provides tools for querying OCI registries and image references, enabling LLM-powered applications to retrieve container image information.