cvefeed-mcp

cvefeed-mcp

MCP server providing vulnerability intelligence from CVEFeed.io, enabling CVE search, product subscriptions, and alert management via natural language.

Category
Visit Server

README

cvefeed-mcp

Model Context Protocol (MCP) server for the CVEFeed.io vulnerability intelligence API. Gives Claude Desktop, Cursor, Cline, and any other MCP-aware agent direct access to CVE search, project subscriptions, and vulnerability alerts.

Install

pip install cvefeed-mcp
# or
uvx cvefeed-mcp

Authenticate

Create a Project API Token at https://cvefeed.io/project/settings/api-tokens/, copy it, and export it alongside the numeric id of the project the token was issued for:

export CVEFEED_API_TOKEN=cvefeed_XXXXXXXX_...
export CVEFEED_PROJECT_ID=42

Each token is bound to exactly one project — one MCP install targets one project. The project id is the integer in your project dashboard URL (/project/detail/<slug>/; the numeric id is also shown in the project settings page).

Recommended scopes for full MCP functionality

MCP tools span four resource scopes. Grant read on every resource the agent may touch so it doesn't hit an "insufficient scope" error mid-task:

  • vulnerabilities: read — CVE / CPE / CVEQL / EPSS discovery tools
  • subscriptions: read (or write to let the agent add / remove product subscriptions)
  • alerts: read (or write to let the agent mark alerts as read)
  • activity_log: read — Enterprise only; required by read_project_activity_log

write implies read, so you don't need to tick both on the same resource.

Optionally override the base URL for staging or self-hosted deployments:

export CVEFEED_BASE_URL=https://cvefeed.io   # default

Use with Claude Desktop

Add to your ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or equivalent:

{
  "mcpServers": {
    "cvefeed": {
      "command": "uvx",
      "args": ["cvefeed-mcp"],
      "env": {
        "CVEFEED_API_TOKEN": "cvefeed_XXXXXXXX_...",
        "CVEFEED_PROJECT_ID": "42"
      }
    }
  }
}

Use with Cursor / Cline

Same MCP server config format — point command at cvefeed-mcp (or uvx cvefeed-mcp) and set CVEFEED_API_TOKEN + CVEFEED_PROJECT_ID in the env block.

Available tools

Tool Purpose Auth required
search_cves Full-text and filter search over the CVE catalog Optional
get_cve_detail Fetch full metadata for a single CVE Optional
run_cveql_query Execute a CVEQL query for advanced hunting Optional
lookup_by_cpe Resolve CPE 2.3 URIs to CVEs/products/vendors Pro tier
get_exploit_intel Public exploits and EPSS scores Pro tier
list_product_subscriptions List subscriptions on the configured project subscriptions:read
add_product_subscription Subscribe the project to a product subscriptions:write
remove_product_subscription Unsubscribe from a product subscriptions:write
search_products Search products with subscription status subscriptions:read
list_project_alerts Read vulnerability alerts on the project alerts:read
mark_alert_read Mark an alert as read alerts:write
read_project_activity_log Read project audit log activity_log:read, Enterprise

Every project-scoped tool targets the single project set via CVEFEED_PROJECT_ID; the LLM never passes a project id.

Local development

cd mcp-server
pip install -e ".[dev]"
pytest -v

Transport

Ships stdio transport only (what Claude Desktop, Cursor, and Cline expect). Remote streamable-HTTP transport may follow in a later release.

License

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured