osidb-mcp
MCP server for OSIDB (Red Hat Product Security's vulnerability management system). Enables read-only querying of flaws, affects, trackers, and status via natural language from MCP clients like Cursor or Claude Desktop.
README
osidb-mcp
Python Model Context Protocol (MCP) server for OSIDB, built on osidb-bindings from PyPI. Use it from Cursor, Claude Desktop, or any MCP client over stdio. PyPI: pypi.org/project/osidb-mcp · Homebrew: vdanen/osidb-mcp · Source: github.com/vdanen/osidb-mcp.
Install
Homebrew
brew tap vdanen/osidb-mcp
brew install osidb-mcp
After the tap is installed, upgrades use brew upgrade osidb-mcp.
PyPI
Published on PyPI as osidb-mcp:
pipx install osidb-mcp
# or
pip install osidb-mcp
Print the installed package version (no OSIDB env or credentials required):
osidb-mcp --version
# or: osidb-mcp -V
Configuration (environment)
| Variable | Required | Description |
|---|---|---|
OSIDB_BASE_URL |
yes | OSIDB root URL, e.g. https://osidb.example.com |
OSIDB_AUTH |
no | kerberos (default) or basic |
OSIDB_USERNAME / OSIDB_PASSWORD |
for basic |
Basic auth for token obtain |
OSIDB_VERIFY_SSL |
no | true (default) or false (prefer REQUESTS_CA_BUNDLE for custom CAs) |
OSIDB_USER_AGENT |
no | Optional extra User-Agent suffix |
OSIDB_MCP_ACCESS_MODE |
no | readonly only (default). readwrite is rejected at startup until mutation tools exist. |
Kerberos: the process must have a valid ticket (kinit) for the OSIDB HTTP service.
Optional keys forwarded by bindings: BUGZILLA_API_KEY, JIRA_ACCESS_TOKEN, JIRA_API_EMAIL.
Cursor / Claude MCP snippet
{
"mcpServers": {
"osidb": {
"command": "osidb-mcp",
"env": {
"OSIDB_BASE_URL": "https://your-internal-osidb",
"OSIDB_AUTH": "kerberos",
"OSIDB_VERIFY_SSL": "true",
"OSIDB_MCP_ACCESS_MODE": "readonly"
}
}
}
}
Tools (read-only)
All MCP tools require a working OSIDB session (env + Kerberos or basic auth). The CLI osidb-mcp --version / -V does not contact OSIDB (see Install). The table lists every registered tool, in the same order as server.py. For longer explanations, example prompts, and limitations, see TOOLS.md. If an LLM agent is calling these tools, read Using with AI agents first.
| Tool | Purpose |
|---|---|
osidb_status |
OSIDB API health / status payload (good connectivity check). |
osidb_whoami |
Current authenticated user / profile from GET /osidb/whoami. |
flaw_get |
One flaw by CVE id or internal uuid; optional include_fields / exclude_fields. Adds osidb_flaw_uuid at top level when there is no CVE yet. |
search_flaws |
High-level search: keyword and/or CVE ids, severity (severity / severities), changed-date range (date_from / date_to), PS product_modules / product_components, workflow, embargo, owner; keyword-only uses OSIDB full-text search. |
get_flaw_details |
Full flaw plus affects and trackers; flaw_id is CVE or uuid. If no CVE, nested lists use flaw__uuid / affects__flaw__uuid. |
get_cve_summary |
Executive rollups: counts by severity and by workflow plus total under shared filters (group_by: severity | workflow | both); multiple flaws_count calls; see partial_errors if a bucket fails. |
flaws_list |
Raw list API: components, nested affects filters (affects_ps_*), workflow, impact, owner, embargo, dates, search, allowlisted extra_query (OSIDB v2 query keys); limit ≤ 100. Success responses include identifier_hint (CVE vs uuid). |
flaws_count |
Same filter surface as flaws_list but returns count only (no flaw bodies). |
flaws_search |
Full-text search over flaws (search parameter); paginated like list APIs. Success responses include identifier_hint. |
affects_list |
Rows keyed by affect with flaw__* filters; scope flaw by flaw_cve_id / flaw_cve_id_in or flaw_uuid / flaw_uuid_in when there is no CVE. |
trackers_list |
Tracker filings; scope by affects_flaw_cve_id (or _in) or affects_flaw_uuid (or _in) when there is no CVE; optional PS filters and tracker_type. |
flaw_comments_list |
Paginated discussion comments for a flaw id. |
flaw_references_list |
Paginated external references (URLs, advisory refs, etc.) for a flaw id. |
flaw_cvss_scores_list |
Paginated CVSS score rows (issuer/version/vector) for a flaw id. |
flaw_acknowledgments_list |
Paginated acknowledgments for a flaw id (CVE or uuid). |
flaw_labels_list |
Paginated flaw collaborator labels for a flaw id. |
flaw_package_versions_list |
Paginated package version rows for a flaw id. |
affect_get |
Single affect by OSIDB uuid; optional field projection and include_history. |
tracker_get |
Single tracker filing by uuid; optional field projection / include_meta_attr. |
labels_list |
Paginated global OSIDB labels (GET /labels); optional allowlisted extra_query. |
affect_cvss_scores_list |
Paginated CVSS rows for one affect (by affect uuid); optional allowlisted extra_query. |
search_component |
Flaws whose flaw-level components intersect components_in (v2 flaws list); optional impact/workflow/date filters. |
query_affects |
Affect rows by CVE (flaw_cve_id / flaw_cve_id_in) and/or flaw UUID (flaw_uuid / flaw_uuid_in); wrapper over affects_list. |
get_pending_exploit_actions |
[EXPERIMENTAL] `GET /exploits/api/v1 |
limit (and analogous list limits) are capped at 100 per request unless noted otherwise on a tool.
When to use which
- Triage / natural language style:
search_flaws,get_flaw_details,get_cve_summary. - Exact OpenAPI filters or rare query keys:
flaws_list/flaws_countwithextra_query(allowlisted keys only). - Affect- or tracker-centric views:
affects_list,trackers_list, or the subresource tools under a known flaw id.
Flaw identifiers (CVE vs internal uuid)
OSIDB flaws always have an internal uuid. A cve_id may be missing until one is assigned — that is normal, not “no identifier.”
- List/search responses include each flaw’s
uuidin JSON.flaws_list,flaws_search, andsearch_flaws(structured path) also return anidentifier_hintstring for agents. flaw_get/get_flaw_details: when there is no usable CVE string, the tool adds top-levelosidb_flaw_uuid(same value asflaw.uuid) so follow-up calls are obvious.get_flaw_details: ifcve_idis empty, affects and trackers are loaded usingflaw__uuid/affects__flaw__uuidautomatically.affects_list/query_affects: useflaw_uuid/flaw_uuid_into scope rows when there is no CVE.trackers_list: useaffects_flaw_uuid/affects_flaw_uuid_in.flaw_comments_list,flaw_references_list,flaw_cvss_scores_list,flaw_acknowledgments_list,flaw_labels_list,flaw_package_versions_list: theflaw_idargument is the same as forflaw_get— CVE string or internaluuid. If you useinclude_fieldsonflaw_get, includeuuidwhen you still need it downstream.
Analyst examples
- Same idea as “search CVEs”: use
search_flawswithkeyword, or combinecve_ids,severity/severities,date_from/date_to, andproduct_modules/product_components. - Critical open flaws touching
httpd:search_flawsorflaws_listwithimpact="CRITICAL",workflow_state_infor non-terminal states, andproduct_components=["httpd"]orcomponents_in/affects_ps_componentas your data model requires. - Unowned important CVEs for a RHEL major:
search_flawswithowner_isempty=true,severities=["IMPORTANT"], andproduct_modules/product_componentsset to the exact PS strings your OSIDB uses for that major (confirm in your internal docs). - Executive rollup:
get_cve_summarywith optional date range and product filters; tunegroup_byif you only need severity or only workflow buckets.
Using with AI agents
These tools return structured JSON (sometimes large). The MCP host (Cursor, Claude Desktop, API client) chooses the LLM — this server cannot select or downgrade a model for you.
- Good default: A mid-tier model (e.g. Sonnet-class) is usually enough for reliable tool names, filters, and reading nested flaw / affect / tracker data.
- Smaller / cheaper models: Reasonable for narrow tasks (one CVE, a known tool, counts only). Tight prompts help; ambiguous multi-step triage may need more retries or a larger model.
- Largest models: Optional when the task is underspecified or you need unusually careful synthesis; for routine read-only chains they are often more than needed.
- Saving tokens: Use
include_fields/exclude_fieldswhere supported; preferflaws_countorget_cve_summaryover pulling many full list pages; keeplimitmodest; ask the agent to summarize instead of echoing entire tool payloads unless you are debugging.
Security
See SECURITY.md for the threat model, OWASP-oriented checklist, and access-mode behavior.
- Outputs may include embargoed content; treat transcripts and logs according to your data classification policy (especially when using hosted LLMs).
OSIDB_MCP_ACCESS_MODE=readonlyis the only supported value today —readwriteexits at startup. When mutation tools exist later, use two MCP entries (readonly vs write-capable) so writes happen only when you intend them.- Never commit
OSIDB_PASSWORD; use IDE env or secret stores.
Development
uv venv .venv && source .venv/bin/activate
uv pip install -e ".[dev]"
python -m osidb_mcp
pytest tests
pip-audit
With Makefile: make install, make test, make audit, or make check (CI-equivalent). make build / make upload for releases (upload requires twine credentials).
Live integration tests: make livetest runs live_tests/ with pytest -vv -s (verbose + uncaptured stderr) when OSIDB_LIVE_TEST=1 and normal OSIDB_* credentials are set. Default assertions use CVE-2014-0160; optional OSIDB_LIVE_MIN_* env vars enforce minimum totals for your instance. Setup, count output, and .gitignore patterns for secrets are documented in live_tests/README.md. Default make test / pytest only run tests/ (offline).
On Debian/Ubuntu (including local containers), install libkrb5-dev before pip install so the gssapi dependency can find krb5-config (Kerberos stack used with osidb-bindings).
License
MIT — see LICENSE.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.