MCP Servers

VulnMCP

An MCP server for vulnerability management that provides tools for automated severity and CWE classification using NLP models. It enables AI agents to query the Vulnerability Lookup API for detailed CVE information and search for security vulnerabilities across various sources.

README

VulnMCP

VulnMCP is an MCP server built with FastMCP that provides AI clients, chat agents, and other automated systems with tools for vulnerability management. It offers modular "skills" that can be easily extended or integrated, enabling intelligent analysis and automated insights on software vulnerabilities.

Features

Vulnerability Severity Classification -- Automatically assess the criticality of vulnerabilities using CIRCL's fine-tuned NLP models: CIRCL/vulnerability-severity-classification-roberta-base (English) and CIRCL/vulnerability-severity-classification-chinese-macbert-base (Chinese).
CWE Classification -- Predict CWE categories from vulnerability descriptions using CIRCL/cwe-parent-vulnerability-classification-roberta-base.
Vulnerability Lookup -- Query the Vulnerability Lookup API to get detailed information about specific CVEs or search vulnerabilities by source, CWE, product, or date.
Modular Architecture -- Easily add new skills or tools to expand the functionality of the MCP server.

Installation

Requires Python 3.10+ and Poetry v2+.

git clone https://github.com/vulnerability-lookup/VulnMCP.git
cd VulnMCP
poetry install

Running the MCP server

stdio (default)

The default transport, used by most MCP clients (Claude Code, Claude Desktop, etc.):

poetry run vulnmcp

HTTP transport

For network access or multiple concurrent clients:

poetry run fastmcp run vulnmcp/server.py --transport http --host 127.0.0.1 --port 9000

Available tools

Tool	Description
`classify_severity`	Classify vulnerability severity (low/medium/high/critical) from a text description. Supports English and Chinese with auto-detection.
`classify_cwe`	Predict CWE categories from a vulnerability description. Returns top-5 predictions with parent CWE mapping.
`get_recent_vulnerabilities_by_cwe`	Fetch the 3 most recent CVEs for a given CWE ID.
`get_vulnerability`	Look up a specific vulnerability by ID (e.g. CVE-2025-14847) with optional comments, sightings, bundles, and linked vulnerabilities.
`search_vulnerabilities`	Search vulnerabilities with filters: source, CWE, product, date range, pagination.

List all tools:

poetry run fastmcp list vulnmcp/server.py

Testing tools from the command line

Use fastmcp call to invoke any tool directly:

# Look up a specific CVE
poetry run fastmcp call vulnmcp/server.py get_vulnerability vulnerability_id=CVE-2025-14847

# Search for recent SQL injection vulnerabilities
poetry run fastmcp call vulnmcp/server.py search_vulnerabilities cwe=CWE-89 per_page=5

# Classify severity from a description
poetry run fastmcp call vulnmcp/server.py classify_severity \
    description="A remote code execution vulnerability allows an attacker to execute arbitrary code via a crafted JNDI lookup."

# Classify CWE from a description
poetry run fastmcp call vulnmcp/server.py classify_cwe \
    description="Fix buffer overflow in authentication handler"

Connecting to Claude Code

claude mcp add vulnmcp -- poetry --directory /path/to/VulnMCP run vulnmcp

Or with fastmcp install:

poetry run fastmcp install claude-code vulnmcp/server.py --name VulnMCP

Once registered, the tools are available to Claude Code. You can verify with:

claude mcp list

Configuration

Environment variable	Description	Default
`VULNMCP_LOOKUP_URL`	Base URL for the Vulnerability Lookup API	`https://vulnerability.circl.lu`

License

AGPL-3.0-or-later

Recommended Servers

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official

Featured

TypeScript

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official

Featured

Local

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official

Featured

TypeScript

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official

Featured

Python

E2B

Using MCP to run code via e2b.

Official

Featured

Neon Database

MCP server for interacting with Neon Management API and databases

Official

Featured

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official

Featured

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official

Featured