Tracking 39,961+ CVEs live

Know every risk in your dependency tree.

OsVault scans your npm and PyPI packages against NVD, OSV.dev, EPSS, and CISA KEV — combining everything into one risk score so you fix what actually matters.

OsVault Workflow
39,961 CVEs indexed
4 Intel sources
3 KEV entries
24h Refresh cycle
100% Free tier
REAL-TIME CVE TRACKING · CVSS + EPSS + KEV SCORING · NPM & PYPI ECOSYSTEMS · DAILY NVD INGESTION · OPEN SOURCE INTELLIGENCE · DEPENDENCY SCANNING · 100% FREE VULNERABILITY DATA · AUTOMATED RISK SCORING
THE PROBLEM

You don't know what's hiding in your dependencies.

BLIND SPOTS

Undiscovered CVEs

New vulnerabilities are published daily across npm and PyPI. Without continuous monitoring, critical CVEs slip through unnoticed in your dependency tree.

FALSE CONFIDENCE

Outdated Scoring

CVSS alone doesn't tell the full story. Without EPSS exploit probability and CISA KEV data, you're prioritizing the wrong vulnerabilities.

FRAGMENTED DATA

Scattered Sources

NVD, OSV.dev, EPSS, CISA KEV — critical intelligence is spread across dozens of sources. No single view of your actual risk posture.

DELAYED RESPONSE

Manual Triage

Security teams waste hours manually cross-referencing advisories. By the time a fix is prioritized, attackers have already moved.

INTRODUCING OSVAULT

All intelligence. One platform.

OsVault aggregates CVEs from NVD, advisories from OSV.dev, EPSS exploit scores, and CISA KEV data — computed into a unified risk score, updated daily.

1

Data Sources

Aggregate critical intelligence from dozens of fragmented origins.

NVD, OSV.dev, EPSS, CISA KEV
2

OsVault Engine (Ingest-RS)

Unify, normalize, and accelerate threat-score mapping in real time.

3

Output Ecology

Deliver deterministic intelligence directly into your workflow.

Risk Score, CVE DB, PR Checks

REAL-TIME MONITORING

Track threats as they emerge.

OsVault ingests vulnerabilities daily from NVD and OSV.dev, enriches them with EPSS exploit probability and CISA KEV membership, and computes a combined risk score — so you know exactly what to fix first.

Unified risk scoring

CVSS severity, EPSS exploit probability, and CISA KEV status combined into a single 0–100 score.

Multi-source intelligence

Pull from NVD, OSV.dev, FIRST EPSS, and CISA KEV — every critical source in one pipeline.

Daily ingestion

Automated Rust-based pipeline runs every 24 hours, ensuring you never miss a newly published CVE.

SCORING ACCURACY

Context beats severity.

A CVSS 9.8 that nobody exploits is less urgent than a CVSS 7.2 actively used in the wild. OsVault combines CVSS with EPSS exploit probability and CISA KEV data to give you actionable prioritization.

Every vulnerability is enriched with real-world exploit intelligence — not just theoretical severity. Stop chasing noise. Fix what matters.

SCORING APPROACH
OsVault Combined Score: 100%
CVSS Only: 40%

Contextual accuracy vs. raw severity scoring

Your dependencies, secured.

[ 01 ]

Understands your ecosystem

Full support for npm and PyPI — the two largest open-source ecosystems. Every advisory tracked and enriched.

[ 02 ]

EPSS exploit probability

See how likely a vulnerability is to be exploited in the wild, based on real-world threat data from FIRST.

[ 03 ]

CISA KEV cross-reference

Instantly know if a CVE is in the CISA Known Exploited Vulnerabilities catalog — the gold standard for active threats.

[ 04 ]

GitHub PR security checks

Install the GitHub App and get automatic security check runs on every PR that touches your dependency files.

[ 05 ]

Instant dependency scan

Paste your package.json or requirements.txt to get a security grade, risk breakdown, and downloadable PDF report.

[ 06 ]

Combined risk scoring

Proprietary 0–100 score combining CVSS severity, EPSS probability, and KEV status into a single actionable metric.

39,961 VULNERABILITIES
100% FREE & OPEN
3 KEV ENTRIES
24h INGESTION CYCLE

Built for security engineers.

From automated ingestion pipelines to instant dependency scanning — built with the tools you trust.


Start scanning today.

Install the GitHub App to automatically scan every PR, or paste your dependency file for an instant report — completely free.

Frequently asked questions.

What data sources does OsVault use?

OsVault aggregates data from the National Vulnerability Database (NVD) for CVE details and CVSS scores, OSV.dev for npm and PyPI advisories, FIRST EPSS for exploit probability scores, and the CISA Known Exploited Vulnerabilities (KEV) catalog.

How often is the data updated?

Our Rust-based ingestion pipeline runs daily via CI, fetching the last 24 hours of CVEs from NVD and OSV advisories. Each record is enriched with EPSS scores and CISA KEV membership in real time.

What is the combined risk score?

It's a proprietary 0–100 score that combines CVSS severity, EPSS exploit probability, and CISA KEV status into a single actionable metric. A high EPSS score or KEV membership significantly boosts the combined score.

Is OsVault free?

Yes. The CVE browser, dependency scanner, and security grading are completely free to use. The GitHub App offers 10 free PR checks per month for private repositories.

Which ecosystems are supported?

Currently, OsVault supports npm (Node.js/JavaScript) and PyPI (Python) — the two largest open-source package ecosystems. More ecosystems are planned for future releases.

Secure your open source.
No sign-up required. No usage limits. Completely free.