Query Open Source Vulnerabilities (OSV) database for known CVEs in an NPM package. Returns vulnerability list with severity, summary, affected version ranges, fix versions, references. Use ?package=react and version=18.2.0. Backed by Google-maintained OSV (industry standard).