Live · 2 free scans/day · Unlimited with $79/month Pro
Dependency CVE Scanner
Paste your package.json or requirements.txt and check every dependency against Google's OSV vulnerability database in real time. Real CVE data, real CVSS scores, real fix versions.
How it works
The scanner sends every package name and version to Google's OSV (Open Source Vulnerability) database, the same database that powers GitHub's Dependabot alerts. Results include real CVE IDs, CVSS severity scores, the version that fixes each vulnerability, and direct links to the GitHub Security Advisory.
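The following Python example is added here and is not the scanner's own code. It builds the OSV `/v1/querybatch` request body from each manifest type and maps a response back to packages. Treating `^` and `~` ranges as their lower bound is an assumption (the page does not say how ranges are resolved), and the sample manifests and the advisory id are constructed placeholders.

```python
import json
import re

PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([A-Za-z0-9.!+_-]+)\s*(?:;.*)?$")
SEMVER = re.compile(r"^[\^~]?(\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?)$")

def parse_requirements(text):
    """Return (pinned, skipped). Only exact `name==version` pins name one version."""
    pinned, skipped = [], []
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        m = PIN.match(line)
        if m:
            pinned.append(m.groups())
        elif line:  # ranges, wildcards, -r includes: reported, not guessed
            skipped.append(line)
    return pinned, skipped

def parse_package_json(text):
    """Exact versions pass through; ^ and ~ ranges use their lower bound (assumption)."""
    doc = json.loads(text)
    pinned, skipped = [], []
    for section in ("dependencies", "devDependencies"):
        for name, spec in doc.get(section, {}).items():
            m = SEMVER.match(spec.strip())
            if m:
                pinned.append((name, m.group(1)))
            else:
                skipped.append(f"{name}@{spec}")
    return pinned, skipped

def build_osv_batch(pinned, ecosystem):
    """Body for POST https://api.osv.dev/v1/querybatch; ecosystem is "npm" or "PyPI"."""
    return {"queries": [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
                        for n, v in pinned]}

def match_results(payload, response):
    """results[i] answers queries[i]; keep only packages that have advisories."""
    hits = {}
    for q, r in zip(payload["queries"], response.get("results", [])):
        ids = [v["id"] for v in r.get("vulns", [])]
        if ids:
            hits[f'{q["package"]["name"]}@{q["version"]}'] = ids
    return hits

# Constructed sample inputs (not from the page); the advisory id is a placeholder.
SAMPLE_REQS = "examplelib==1.2.3  # pinned\notherlib>=2.0\n-r base.txt\n"
SAMPLE_PKG = '{"dependencies": {"example-a": "^4.17.1", "example-b": "*"}}'
SAMPLE_RESPONSE = {"results": [{"vulns": [{"id": "GHSA-xxxx-xxxx-xxxx"}]}]}
```

A lockfile such as package-lock.json records the versions actually installed, so the `skipped` entries and any range-derived versions are where scan results can diverge from what is deployed.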
What you get
- ✓ CVE IDs and CVSS scores for every vulnerable package
- ✓ Fixed version for each vulnerability
- ✓ Link to the full GitHub Security Advisory
- ✓ Severity breakdown: Critical / High / Medium / Low
- ✓ Supports npm (package.json) and PyPI (requirements.txt)
