Safeguard Documentation Center
Open Source Manager

Security Database

Browse open source package security information and vulnerability data

The OSM Security Database provides comprehensive security intelligence for open source packages, similar to Snyk's vulnerability database. Search and explore security information to make informed decisions about your dependencies.

Package Security Information

Search for any open source package to view:

Security Overview

Field                Description
Security Score       Overall security assessment (0-100)
Vulnerability Count  Total known vulnerabilities
Critical/High CVEs   Count of severe vulnerabilities
Last Updated         Most recent security scan
Maintenance Status   Active/Inactive/Abandoned

Vulnerability Details

For each vulnerability:

  • CVE ID - Unique identifier
  • Severity - Critical, High, Medium, Low
  • CVSS Score - Numerical severity (0-10)
  • Description - What the vulnerability does
  • Affected Versions - Which versions are impacted
  • Fixed Version - Version that resolves the issue
  • Exploit Status - Known exploits available
  • References - Links to advisories

Version History

Track security across versions:

  • Timeline of releases
  • Vulnerability introduction points
  • Security improvements over time
  • Recommended upgrade paths

Searching the Database

By Package Name

lodash
express
django
spring-boot

By CVE

CVE-2021-44228
CVE-2023-1234

By Ecosystem

Filter by package ecosystem:

  • npm (JavaScript)
  • PyPI (Python)
  • Maven (Java)
  • NuGet (.NET)
  • Go modules
  • RubyGems
  • Cargo (Rust)
  • Packagist (PHP)

Package Page

Each package page includes:

Security Tab

  • Current vulnerabilities
  • Historical vulnerabilities
  • Fix recommendations

Dependencies Tab

  • Direct dependencies
  • Transitive dependencies
  • Dependency vulnerabilities

Versions Tab

  • All versions with security status
  • Recommended versions
  • Deprecated versions

License Tab

  • License type
  • License obligations
  • Compatibility notes

Attestation Tab

  • Build provenance
  • Signature verification
  • SLSA level

Use Cases

Before Installing a Package

  1. Search for the package
  2. Check vulnerability count
  3. Review license
  4. Verify attestation
  5. Make an informed decision

Responding to Security Alerts

  1. Search for the CVE
  2. See all affected packages
  3. Review impact
  4. Plan remediation
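
The alert-response steps above, sketched as an added example (not Safeguard code and not its documented response schema): given one advisory record and a dependency inventory, it reports which projects pin a version inside the affected range. The key names, the introduced/fixed range form, the placeholder CVE ID and all sample data are assumptions constructed for illustration.

```python
# Added example: constructed data and hypothetical key names, not a documented
# Safeguard response schema. Keys mirror the Vulnerability Details fields above.
ADVISORY = {"cve": "CVE-0000-00000",  # placeholder ID
            "ecosystem": "npm", "package": "example-lib",
            "introduced": "4.0.0", "fixed_version": "4.17.21"}

DEPENDENCIES = [  # constructed inventory: one pinned version per project
    {"project": "billing", "ecosystem": "npm", "name": "example-lib", "version": "4.17.9"},
    {"project": "portal", "ecosystem": "npm", "name": "example-lib", "version": "4.17.21"},
    {"project": "legacy", "ecosystem": "npm", "name": "example-lib", "version": "3.10.1"},
    {"project": "batch", "ecosystem": "npm", "name": "example-lib", "version": "4.18.0-rc1"},
    {"project": "api", "ecosystem": "pypi", "name": "example-lib", "version": "4.2.0"},
]

def parse_version(text, width=4):
    """'4.17.9' -> (4, 17, 9, 0): numeric tuples, so 4.17.9 sorts below 4.17.21."""
    parts = text.strip().split(".")
    if len(parts) > width or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts) + (0,) * (width - len(parts))

def is_affected(installed, advisory):
    """True when introduced <= installed < fixed (no fixed version: no upper bound)."""
    version = parse_version(installed)
    if version < parse_version(advisory["introduced"]):
        return False
    fixed = advisory.get("fixed_version")
    return fixed is None or version < parse_version(fixed)

def triage(dependencies, advisory):
    """Map each project that uses the advisory's package to a verdict."""
    fixed = advisory.get("fixed_version")
    report = {}
    for dep in dependencies:
        if (dep["ecosystem"], dep["name"]) != (advisory["ecosystem"], advisory["package"]):
            continue  # same name in another ecosystem is a different package
        try:
            affected = is_affected(dep["version"], advisory)
        except ValueError:
            report[dep["project"]] = "review"  # pre-release or odd format: fail closed
            continue
        fix = f"upgrade to {fixed}" if fixed else "affected, no fix"
        report[dep["project"]] = fix if affected else "ok"
    return report

if __name__ == "__main__":
    for project, verdict in triage(DEPENDENCIES, ADVISORY).items():
        print(f"{ADVISORY['cve']} {project}: {verdict}")
```

Comparing the raw strings would rank "4.17.9" above "4.17.21" and mark the billing project as fixed, which is why versions are parsed into numeric tuples first.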

Compliance Auditing

  1. Export package list
  2. Review licenses
  3. Check attestations
  4. Document compliance

API Access

Query the security database programmatically:

# Get package security info
curl "https://api.safeguard.sh/v1/packages/npm/lodash" \
  -H "Authorization: Bearer $API_KEY"

# Search vulnerabilities
curl "https://api.safeguard.sh/v1/vulnerabilities?cve=CVE-2021-44228" \
  -H "Authorization: Bearer $API_KEY"