VulScan-MCP
MCP server that scans project dependencies for security vulnerabilities (CVEs) and provides fix instructions directly in VS Code via Copilot.
README
VulScan-MCP š”ļø
Scan your dependencies for security vulnerabilities (CVEs) directly in VS Code
Ask Copilot: "Check for vulnerabilities" ā Get instant CVE reports with fix instructions.
Quick Start
- Install: Search "VulScan-MCP" in VS Code Extensions
- Requirement: Python 3.11+ installed (Download)
- Use: Ask Copilot:
"Check for security vulnerabilities"
That's it! Dependencies auto-install on first use.
What You Get
### 1. lodash @ 4.17.15
#### š¦ Library Affected
- Package: lodash
- Current Version: 4.17.15
- Severity: HIGH
#### š CVE Details
- CVE IDs: CVE-2021-23337, CVE-2020-28500
- What is it: Command injection vulnerability allowing attackers to execute arbitrary code
#### ā
Mitigation Steps
ā ļø WARNING: Version upgrade required. Test in staging first.
1. Update package.json: "lodash": "^4.17.21"
2. Run: npm install
3. Run full test suite
4. Deploy to staging and monitor
Supported
Languages: JavaScript, TypeScript, Python, Java, Go, Rust, Ruby, PHP, C++, .NET
Sources: NVD (National Vulnerability Database) + OSV (Open Source Vulnerabilities)
Platforms: Windows, macOS, Linux
What It Checks
ā
Security vulnerabilities (CVEs) - Known exploitable flaws
ā NOT deprecated packages - This tool is CVE-focused only
Note: Clean results mean no CVEs found - packages may still be outdated but secure.
Troubleshooting
Python not found?
Install Python 3.11+ globally, then restart VS Code.
"No module named 'mcp'" error?
python3 -m pip install --user mcp requests
Still issues? Check logs:
- Windows:
%TEMP%\vulscan-mcp-debug.log - macOS/Linux:
/tmp/vulscan-mcp-debug.log
Developer Info
# Clone & run
git clone https://github.com/abhishekrai43/VulScan-MCP.git
cd VulScan-MCP
pip install -r requirements.txt
python -m mcp_server
# Test extension
cd vulscan-mcp-vscode
npm install && npm run compile
# Press F5 in VS Code
License & Support
MIT License | Report Issues
Built with Model Context Protocol, NVD API, OSV API
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.