---
title: "Vulnerability detection now covers ecosystem-native OSV advisories"
description: "Packages from Debian, Alpine, PyPI, and other ecosystems that use native version ranges are now matched against a broader set of OSV advisories, building on existing coverage for SemVer-based ranges."
canonical_url: "https://cloudsmith.com/changelog/vulnerability-detection-now-covers-ecosystem-native-osv-advisories"
last_updated: "2026-06-16T10:41:20.538Z"
---
# Vulnerability detection now covers ecosystem-native OSV advisories

Packages from Debian, Alpine, PyPI, and other ecosystems that use native version ranges are now matched against a broader set of OSV advisories, building on existing coverage for SemVer-based ranges.

Users with active vulnerability policies that use the [OSV.dev](https://osv.dev/) dataset may see more policy matches than before. This is expected: your policies are now being evaluated against a more complete set of advisories. It's broader coverage, not noise.

Ecosystems with improved coverage: 

- AlmaLinux
- Alpine
- Chainguard
- CRAN
- Debian
- NuGet
- openSUSE
- Packagist
- Pub
- PyPI
- Red Hat
- Rocky Linux
- RubyGems
- SUSE
- Ubuntu
- Wolfi

Visit our [documentation](https://docs.cloudsmith.com/supply-chain-security/continuous-security#continuous-security-1) for more information on how to access the OSV.dev dataset to create your vulnerability policies.
