CVE Intelligence MCP Server
Provides multi-source vulnerability intelligence for AI-powered security operations, combining NVD CVSS, CISA KEV, and EPSS scores without requiring an API key.
README
π‘οΈ MCP Server: CVE Intelligence
A Model Context Protocol (MCP) server that provides multi-source vulnerability intelligence for AI-powered security operations. Combines three free, authoritative data sources into a single unified interface β no API key required.
"Should I panic about this CVE?" β This server answers that question.
Why This Server?
Most CVE tools give you just a CVSS score. But security teams need to know:
- How severe is it? β CVSS score (from NVD)
- Is it being exploited RIGHT NOW? β CISA KEV catalog
- How LIKELY is exploitation? β EPSS probability score
This server combines all three into a single risk verdict.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β mcp-server-cve-intel β
β β
β βββββββββββββββ ββββββββββββββββ βββββββββββββββββ β
β β NVD (NIST) β β CISA KEV β β EPSS β β
β β CVE details β β Known β β Exploit β β
β β CVSS scores β β Exploited β β Prediction β β
β β References β β Vulns catalogβ β Probability β β
β ββββββββ¬βββββββ ββββββββ¬ββββββββ βββββββββ¬ββββββββ β
β ββββββββββββββββββΌβββββββββββββββββββ β
β βΌ β
β π― UNIFIED RISK VERDICT β
β "CVE-2021-44228: CVSS 10.0, ACTIVELY EXPLOITED, β
β 97.5% chance of exploitation β π¨ PATCH NOW" β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Features
- π CVE Lookup β Full intelligence report from 3 sources for any CVE
- π CVE Search β Search vulnerabilities by keyword (product, vendor, type)
- π¨ CISA KEV Feed β Latest actively exploited vulnerabilities
- π EPSS Scores β Exploit probability predictions (next 30 days)
- π― Risk Verdicts β Automated risk scoring combining all factors
- π No API Key Required β All data sources are free and public
- π Local + Remote β Supports both stdio and SSE transport
Quick Start
1. Install
git clone https://github.com/gopichand458/mcp-server-cve-intel.git
cd mcp-server-cve-intel
pip install -r requirements.txt
2. Run Local (for Claude Desktop)
python server.py
Add to your claude_desktop_config.json:
{
"mcpServers": {
"cve-intel": {
"command": "python",
"args": ["/FULL/PATH/TO/mcp-server-cve-intel/server.py"]
}
}
}
3. Run Remote (shareable SSE server)
python server.py --remote
# β Available at http://localhost:8000/sse
Optional: NVD API Key (for higher rate limits)
The server works without an API key, but NVD limits unauthenticated requests to 5 per 30 seconds. Get a free key for 50 requests/30 sec:
# Request key at: https://nvd.nist.gov/developers/request-an-api-key
export NVD_API_KEY="your-key-here"
python server.py
Tools
cve_lookup β Full CVE Intelligence Report
Get comprehensive intelligence for a specific CVE combining all 3 sources.
Input: cve_lookup(cve_id="CVE-2021-44228")
Output: {
"cve_id": "CVE-2021-44228",
"description": "Apache Log4j2 <=2.14.1 JNDI features...",
"cvss_score": 10.0,
"severity": "CRITICAL",
"epss": {
"score_percent": "97.5%",
"interpretation": "π΄ CRITICAL β Very high probability of exploitation"
},
"cisa_kev": {
"in_kev_catalog": true,
"actively_exploited": true,
"known_ransomware_use": "Known"
},
"risk_verdict": {
"overall": "π¨ CRITICAL β Immediate action required. Patch NOW.",
"risk_score": "100/100",
"risk_factors": [
"π΄ CVSS Critical (9.0+)",
"π΄ ACTIVELY EXPLOITED (in CISA KEV)",
"π΄ USED IN RANSOMWARE CAMPAIGNS",
"π΄ EPSS 97.5% β Very likely to be exploited"
]
}
}
cve_search β Search by Keyword
Input: cve_search(keyword="Microsoft Exchange", limit=5)
Output: List of matching CVEs with CVSS scores and severity
cve_recent_kev β Actively Exploited Vulnerabilities
Input: cve_recent_kev(limit=10)
Output: Latest additions to CISA's Known Exploited Vulnerabilities catalog
cve_epss_score β Exploit Probability
Input: cve_epss_score(cve_id="CVE-2024-3094")
Output: EPSS score with probability and percentile interpretation
Resources
| URI | Description |
|---|---|
cve-intel://about |
Server info and data source details |
cve-intel://severity-guide |
CVSS/EPSS/KEV interpretation guide |
Prompts
| Prompt | Description |
|---|---|
vulnerability_assessment |
Guided CVE assessment workflow |
threat_briefing |
Current threat landscape briefing |
Example Conversations
After connecting to Claude Desktop:
You: "Tell me about CVE-2024-3094"
Claude: calls cve_lookup β Provides full report with CVSS, EPSS, exploitation status, and risk verdict
You: "What's being actively exploited right now?"
Claude: calls cve_recent_kev β Lists latest CISA KEV additions with remediation guidance
You: "Find vulnerabilities in Apache Struts and tell me which to patch first"
Claude: calls cve_search + cve_epss_score β Searches, ranks by EPSS, recommends priority
Data Sources
| Source | What It Provides | Rate Limit | Auth |
|---|---|---|---|
| NVD (NIST) | CVE details, CVSS scores, CWEs, references | 5 req/30s (free), 50/30s (with key) | Optional |
| CISA KEV | Actively exploited CVEs, remediation deadlines | Unlimited | None |
| EPSS (FIRST.org) | Exploit probability (0-100%) for next 30 days | Unlimited | None |
Compatibility
| Client | Supported |
|---|---|
| Claude Desktop | β (stdio) |
| Claude Code | β |
| Cursor | β |
| VS Code + Copilot | β |
| Any MCP client | β |
Project Structure
mcp-server-cve-intel/
βββ server.py # MCP server β tools, resources, prompts
βββ cve_client.py # Multi-source CVE intelligence client
βββ requirements.txt # Dependencies
βββ LICENSE # MIT License
βββ .gitignore
βββ README.md # This file
Contributing
Contributions welcome! Some ideas:
- Add more data sources (OSV, GitHub Security Advisories)
- Add caching for CISA KEV (it's a large JSON file)
- Add a
cve_comparetool for side-by-side comparison - Docker support
- PyPI packaging
Author
GKonakala β github.com/gopichand458
License
MIT License β see LICENSE for details.
Disclaimer
Disclaimer
This product uses the NVD API but is not endorsed or certified by the NVD.
This tool aggregates publicly available vulnerability data for security research and operational purposes. It is not affiliated with NIST, CISA, or FIRST.org. Always verify critical findings through official sources.
Built with Model Context Protocol by Anthropic
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.