Converting VuXML to Open Source Vulnerability database
Links:
FreeBSD OSV database for pkg URL: https://github.com/illuusio/freebsd-osv/blob/main/db/freebsd-osv.json
FreeBSD Vulnerabilities for year 2025 in Markdown/CommonMark format URL: https://github.com/illuusio/freebsd-osv/tree/main/md/2025
Lua OSV tool URL: https://github.com/illuusio/freebsd-osv/blob/main/bin/osvf-tool.lua
Python VuXML to OSV conversion tool URL: https://github.com/illuusio/freebsd-osv/blob/main/bin/convert_vuxml.py
pkg PR for OSV URL: https://github.com/freebsd/pkg/pull/2558
OSV Schema pull request URL: https://github.com/ossf/osv-schema/pull/237
OSV issue to track down OSV integration in Google OSV GitHub repository URL: https://github.com/google/osv.dev/issues/3901
FreeBSD PURL effort URL: https://github.com/package-url/purl-spec/pull/496
Contact: Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
The Open Source Vulnerability database effort has been ongoing since May. The target for this effort was to produce an OSV database and retire the old VuXML database format.
Currently, there is a test database and a pull request for pkg(8). The test database can be updated from VuXML and converted to OSV JSON format. The tooling needed to update the database and create a merged database file for pkg is complete. There is also an export to CommonMark, which renders fine on GitHub.
Additionally, upstream support for FreeBSD in the OSV Schema has been implemented, allowing OSV files to be validated against official sources. There has also been an effort for PURL that is slowly moving forward.
If you want to help with this project, here are some tasks:
- Verify that conversion from VuXML to OSV is accurate
- Verify that pkg can use the OSV database and produces correct output
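One way to approach the first task, as an added example that is not the project's own tooling: normalise the version bounds of a VuXML entry and of its OSV record to the same tuples and diff them. The sample entry, the sample record, its placeholder id, and the operator mapping (`<ge>` to `introduced`, `<lt>` to `fixed`, `<le>` to `last_affected`, following OSV event semantics) are assumptions, not taken from convert_vuxml.py.

```python
import xml.etree.ElementTree as ET

# Constructed VuXML entry (not from the real database; XML namespace omitted).
VUXML = """<vuln vid="00000000-0000-0000-0000-000000000000">
  <topic>examplepkg -- constructed entry</topic>
  <affects><package><name>examplepkg</name>
    <range><ge>1.0</ge><lt>1.2.3</lt></range>
    <range><le>0.9_1</le></range>
  </package></affects>
</vuln>"""

# Constructed OSV record; the id is a placeholder, the mapping an assumption.
OSV = {"id": "EXAMPLE-0000", "affected": [{
    "package": {"ecosystem": "FreeBSD", "name": "examplepkg"},
    "ranges": [
        {"type": "ECOSYSTEM", "events": [{"introduced": "1.0"}, {"fixed": "1.2.3"}]},
        {"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"last_affected": "0.9_1"}]},
    ]}]}

def vuxml_bounds(xml_text):
    """Return {(package, lower, upper)}; upper is ('lt'|'le', version) or None."""
    out = set()
    for pkg in ET.fromstring(xml_text).iter("package"):
        names = [n.text for n in pkg.findall("name")]
        for rng in pkg.findall("range"):
            ops = {child.tag: child.text for child in rng}
            # <gt> and <eq> have no single OSV event; surface them for manual review.
            if set(ops) - {"ge", "lt", "le"}:
                raise ValueError(f"needs manual review: {sorted(ops)}")
            upper = next(((op, ops[op]) for op in ("lt", "le") if op in ops), None)
            out.update((name, ops.get("ge", "0"), upper) for name in names)
    return out

def osv_bounds(record):
    """Same normalisation for OSV; assumes one introduced/upper pair per range."""
    out = set()
    for aff in record["affected"]:
        for rng in aff.get("ranges", []):
            ev = {k: v for event in rng["events"] for k, v in event.items()}
            pairs = (("lt", "fixed"), ("le", "last_affected"))
            upper = next(((op, ev[key]) for op, key in pairs if key in ev), None)
            out.add((aff["package"]["name"], ev.get("introduced", "0"), upper))
    return out

def diff(xml_text, record):
    """Bounds present on one side only; both sets empty means the ranges agree."""
    v, o = vuxml_bounds(xml_text), osv_bounds(record)
    return {"missing_in_osv": v - o, "extra_in_osv": o - v}
```

An inclusive/exclusive mix-up (`last_affected` emitted where `fixed` was meant) appears in both sets of the result, which is the kind of off-by-one-release error worth checking for in a converted database.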
Sponsor: The FreeBSD Foundation
Last modified on: December 30, 2025 by Tuukka Pasanen
