Ubuntu OSV data feed
Consume vulnerability data in OSV format to get a structured, human, and machine-readable description of known vulnerabilities and available security patches for all supported Ubuntu releases.
OSV — an open format for vulnerability management
 
          Open Source Vulnerabilities (OSV) is a JSON schema that provides a human and machine readable data format to describe vulnerabilities in a way that precisely maps to open source package versions. This schema is developed and maintained by the Open Source Security Foundation (OSSF). OSV also consists of a reference infrastructure and tooling (OSV-Scanner).
When to use OSV?
OSV helps with:
- Vulnerability management: Consolidating vulnerability data into a centralized database, which makes it easier to find and resolve issues in deployments.
- Automated alerts: Developers and organizations can receive automated alerts when vulnerabilities are found in the open source software they use.
- Integration with tools: OSV can integrate with other tools, such as dependency management tools, to identify affected packages automatically.
In summary, OSV is an initiative focused on helping manage vulnerabilities in open source software to improve security.
What types of Ubuntu OSV data are available?
Currently, Ubuntu’s Security Team produces OSV data for three different types of vulnerability data:
- Ubuntu Security Notices: Announcements about fixed vulnerabilities in Ubuntu.
- Ubuntu CVEs: Vulnerabilities that affect packages in the Ubuntu archive.
- Livepatch Security Notices: announcements about fixed vulnerabilities available through Livepatch.
Where can I get OSV data?
Ubuntu OSV data is available through:
Which tools and APIs are available for OSV data?
Currently, the osv.dev database provides an API to query OSV data.
For tools, there's the official osv-scanner, as well as some additional community maintained tools.
Is severity classification available in OSV?
Yes, Ubuntu includes both NVD’s CVSS scores as well as Ubuntu’s priority.
More resources
Access an overview of common vulnerabilities and exposures.
Learn more about Ubuntu security maintenance and platform security features.
