How to get an integer severity score from osv Rest API #2643
Replies: 2 comments
-
The other thing is that from the API example, I see the query response can return https://google.github.io/osv.dev/post-v1-query/#sample-200-response. However, I don't see that (yet) for any of the vulnerabilities returned. I tried querying on a package "dash", "2.14.2", "PyPI". Is it because the osv is 'fixed'?
-
Our API doesn't provide the calculated score at the moment. There is probably a library to calculate it for your language: e.g. https://pypi.org/project/cvss/
-
Hi, I want to create a tool that scans our team project's external dependencies for vulnerabilities.
I see that using the osv web scanner to view the vulnerability gives a number for severity, see https://osv.dev/vulnerability/GHSA-wjc4-73q6-gv3m (9.8 is the calculated severity).
However, when I try to use the API query ("https://api.osv.dev/v1/query"), I only see something like:
[{'type': 'CVSS_V3', 'score': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N'}, {'type': 'CVSS_V4', 'score': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N'}]
Is there a way to access the calculated integer score via API, or is there something else I need to do? Thanks in advance for all the help!