security 2 credits · ~$0.030 <500ms

Vulnerability Scanner

POST /v1/scan/vulnerabilities

Checks package names against the OSV (Open Source Vulnerabilities) database and returns the CVEs and GHSAs affecting them — before dependencies are installed.

Capabilities

  • OSV / CVE / GHSA lookup
  • PyPI, npm, crates.io, Go
  • Severity and aliases per finding
  • Batch queries

Use cases

  • Post-validation dependency safety
  • Supply-chain gates
  • Agent-written build and lock files
example
curl -X POST https://api.agent-toolbox.ai/v1/scan/vulnerabilities \
  -H "Content-Type: application/json" \
  -d '{"packages": [{"name": "lodash", "version": "4.17.15", "ecosystem": "npm"}]}'
response shape
{
  "verdict": "PASS" | "FLAG" | "BLOCK",
  // tool-specific findings…
  "certificate": "sha256:..."
}