OSV Vulnerability Report

Upload a pom.xml or package.json and generate an OSV (Google) vulnerability report for the dependencies found in your project.

Scan with OSV

Paste or upload your Maven or npm manifest. Then scan vulnerabilities using the OSV API.

Drop your file here, or browse

We detect the type automatically (Maven vs npm).

If you upload a file, it takes precedence.
May take longer. Backend must be able to resolve dependencies (npm/maven available).

About OSV vulnerability scanning

This tool uses Google’s OSV database to check the versions in your pom.xml or package.json. It produces an actionable report of matching vulnerabilities for your dependencies.

What is an OSV report?

An OSV vulnerability record includes an ID, a summary, and references. We format the OSV results into a readable vulnerability report for your dependencies.

Security note

Your input is sent to the configured backend endpoint (Lambda). Only share non-sensitive dependency metadata when using this tool.