DepSentry is a lightweight web interface for exploring security vulnerabilities. Enter a CVE ID and get the full picture: affected packages, vulnerable version ranges, CVSS scores, aliases, and advisory links, fetched live from OSV.dev and enriched with deps.dev data.
What makes it useful is how little friction there is between wondering about a vulnerability and seeing the details. No API keys to set up, no CLI to learn. You type a CVE ID and the information is there, pulled from two public sources and presented in a clear layout.
What it does
- accepts CVE lookups directly in the UI
- fetches live vulnerability details from OSV.dev
- enriches results with deps.dev for CVSS scores and advisory links
- degrades gracefully if the enrichment layer is unavailable
- supports bulk affected-package checking via package.json, requirements.txt, or SPDX SBOM upload
- caches results in Redis to speed up repeat lookups
Stack
The frontend is a React + Vite app. The backend is a Python FastAPI service that proxies requests to OSV.dev and deps.dev, with Redis for caching. Docker Compose ties all three together for local development, and the project is deployed with Railway (backend + Redis) and Vercel (frontend).
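The lookup path described above (validate the ID, check the cache, query the primary source, enrich, degrade gracefully), as an added Python example that is not DepSentry's own code. The fetcher callables, `DictCache` (an in-memory stand-in for Redis), the TTL values and the sample record are assumptions constructed for illustration.

```python
import re
import time

CVE_RE = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")  # ASCII digits only
TTL_SECONDS, DEGRADED_TTL = 3600, 60  # assumed cache lifetimes
# Constructed sample in OSV record shape (placeholder ID, not a real CVE).
SAMPLE_OSV = {"id": "CVE-0000-00000", "aliases": ["GHSA-xxxx-xxxx-xxxx"],
              "affected": [{"package": {"ecosystem": "PyPI", "name": "examplepkg"}}]}


class DictCache:
    """In-memory stand-in for Redis: get/set with expiry."""
    def __init__(self):
        self._data = {}

    def get(self, key):
        hit = self._data.get(key)
        return hit[0] if hit and hit[1] > time.monotonic() else None

    def set(self, key, value, ttl):
        self._data[key] = (value, time.monotonic() + ttl)


def lookup_cve(raw_id, fetch_osv, fetch_enrichment, cache):
    """Return a merged record; an enrichment failure must not fail the lookup."""
    cve_id = raw_id.strip().upper()
    # Validate before the ID reaches a cache key or an upstream URL path.
    if not CVE_RE.fullmatch(cve_id):
        raise ValueError("not a CVE ID")
    cached = cache.get("cve:" + cve_id)
    if cached is not None:
        return cached
    vuln = fetch_osv(cve_id)  # primary source: errors propagate to the caller
    result = {
        "id": vuln["id"],
        "aliases": vuln.get("aliases", []),
        "packages": sorted({a["package"]["name"] for a in vuln.get("affected", [])}),
        "cvss": None, "advisory_url": None, "enriched": False,
    }
    try:
        extra = fetch_enrichment(cve_id)  # hypothetical shape: {"cvss", "url"}
        result.update(cvss=extra["cvss"], advisory_url=extra["url"], enriched=True)
        ttl = TTL_SECONDS
    except Exception:
        ttl = DEGRADED_TTL  # keep degraded answers briefly so enrichment is retried
    cache.set("cve:" + cve_id, result, ttl)
    return result
```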
What drew me to this project is its restraint. It does one useful job, making public vulnerability APIs faster to read and act on, and it does that without overcomplicating the flow.