
OSV.dev Has a Free API — Find Vulnerabilities in Any Open-Source Package
The Story

I was auditing a Python project with 47 dependencies. Running pip-audit found 3 vulnerabilities, but I needed more details — CVE descriptions, fix versions, affected ranges. The NVD API is slow and clunky. Then I found OSV.dev — Google's open-source vulnerability database with a clean, fast API.

What Is OSV.dev?

OSV.dev aggregates vulnerabilities from:

- GitHub Security Advisories
- PyPI Advisory Database
- npm Advisories
- RustSec
- Go Vulnerability Database
- Linux kernel vulnerabilities
- And 15+ other sources

One API to search them all.

The API

```bash
# Check if a package has vulnerabilities
curl -s -X POST "https://api.osv.dev/v1/query" \
  -H "Content-Type: application/json" \
  -d '{"package": {"name": "requests", "ecosystem": "PyPI"}}'

# Get a specific vulnerability
curl -s "https://api.osv.dev/v1/vulns/GHSA-j8r2-6x86-q33q"

# Batch query multiple packages
curl -s -X POST "https://api.osv.dev/v1/querybatch" \
  -H "Content-Type: application/json" \
  -d '{"queries": [{"package": {"name": "lodash",
```
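To get from a `/v1/query` response to the fix versions and affected ranges mentioned in the story, the `affected[].ranges[].events` list of each record has to be paired up. The following is an added example, not code from the original post: the package names, ids and the sample response are constructed, and only `introduced`/`fixed` events are handled (a range without a `fixed` event is reported as open).

```python
import json

def build_query(name, version, ecosystem="PyPI"):
    """Request body for POST /v1/query, pinned to the installed version."""
    return {"package": {"name": name, "ecosystem": ecosystem}, "version": version}

def affected_ranges(vuln, name, ecosystem="PyPI"):
    """Return (introduced, fixed) pairs for one package; fixed is None if no fix is listed."""
    pairs = []
    for aff in vuln.get("affected", []):
        pkg = aff.get("package", {})
        if pkg.get("ecosystem") != ecosystem or pkg.get("name", "").lower() != name.lower():
            continue  # one advisory can cover several packages
        for rng in aff.get("ranges", []):
            if rng.get("type") == "GIT":
                continue  # commit hashes, not release versions
            start = None
            for event in rng.get("events", []):
                if "introduced" in event:
                    start = event["introduced"]
                elif "fixed" in event and start is not None:
                    pairs.append((start, event["fixed"]))
                    start = None
            if start is not None:
                pairs.append((start, None))  # still open: no "fixed" event
    return pairs

def summarize(response, name, ecosystem="PyPI"):
    """Flatten a /v1/query response; a package with no findings comes back as {}."""
    return [{"id": v["id"], "aliases": v.get("aliases", []),
             "summary": v.get("summary", ""),
             "ranges": affected_ranges(v, name, ecosystem)}
            for v in response.get("vulns", [])]

# Constructed sample response (placeholder ids, hypothetical package names).
SAMPLE_RESPONSE = json.loads("""
{"vulns": [{"id": "GHSA-xxxx-xxxx-xxxx", "aliases": ["CVE-0000-00000"],
  "summary": "Constructed sample advisory",
  "affected": [
   {"package": {"name": "examplepkg", "ecosystem": "PyPI"},
    "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"},
      {"fixed": "1.4.2"}, {"introduced": "2.0.0"}, {"fixed": "2.3.1"}]}]},
   {"package": {"name": "otherpkg", "ecosystem": "PyPI"},
    "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}]}]}]}]}
""")

if __name__ == "__main__":
    for row in summarize(SAMPLE_RESPONSE, "examplepkg"):
        print(row["id"], row["aliases"], row["ranges"])
```
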



