osv index and vuln discovery

[Mehdi Karimi]

How many of the oss packages are indexed or actually fuzzed?! 

Is this a starter project? 

For example, I am trying to query expat, version 2.2.5 and I see nothing returned! however, from the expat site, I see there is vuln with 2.2.5. 

url = "https://api.osv.dev/v1/query"

myjson = {"version": "2.2.5", "package": {"name": "expat", "ecosystem": "OSS-Fuzz"}}

x = requests.post(url, json = myjson)

print(x.text)

I also tried packages listed below with the PyPI ecosystem but nothing returns!

https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/