CVE
The CVE MCP Server connects vulnerability intelligence, exploit intelligence, threat intelligence, network reputation data, package security data, and security reporting workflows to one local MCP endpoint.
Security engineers, vulnerability analysts, incident responders, DevSecOps teams, and platform teams can use it to query 27 security tools across 21 data sources from a single Claude session.
The MCP server runs on Python and FastMCP. It uses httpx for outbound API calls, aiosqlite for local caching, Pydantic v2 for typed models, and defusedxml for safe XML parsing.
The main workflow centers on CVE triage, exploit lookup, package scanning, suspicious IP checks, and executive reporting. The MCP server keeps every lookup outbound over HTTPS and stores cache data on the local machine.
Features
- Connects Claude to 27 security tools through the Model Context Protocol.
- Queries 21 security data sources for CVE records, threat signals, package advisories, network reputation, and malware intelligence.
- Calculates a composite 0-100 risk score from CVSS, EPSS, KEV status, and proof-of-concept availability.
- Generates executive risk reports for one CVE or a batch of CVEs.
- Ranks multiple CVEs by triage priority.
- Scans package versions against OSV.dev and GitHub Security Advisories.
- Checks suspicious IPs against AbuseIPDB, GreyNoise, Shodan, and CIRCL Passive DNS.
- Looks up hashes, domains, IPs, URLs, malware families, and ransomware wallet activity.
- Caches API responses in SQLite with per-resource TTL rules.
- Logs every tool invocation to a rotating local audit log.
How To Use It
Table Of Contents
Install the server with pip
Run these commands in a terminal:
git clone https://github.com/mukul975/cve-mcp-server.git
cd cve-mcp-server
python -m venv venvmacOS and Linux users can activate the environment with:
source venv/bin/activateWindows PowerShell users can activate the environment with:
.\venv\Scripts\Activate.ps1Windows Command Prompt users can activate the environment with:
venv\Scripts\activate.batInstall the package in editable mode:
pip install -e .Install the test dependencies with:
pip install -e ".[test]"Start the server and confirm that Python can load the package:
python -m cve_mcp.serverInstall the server with uv
uv users can create an environment and install the project with these commands:
git clone https://github.com/mukul975/cve-mcp-server.git
cd cve-mcp-server
uv venv
source .venv/bin/activate
uv pip install -e .
cp .env.example .envWindows users should switch the activation command to .venv\Scripts\activate.
Configure environment variables
Copy the sample environment file:
cp .env.example .envSet keys and runtime options in .env:
| Variable | Purpose | Notes |
|---|---|---|
NVD_API_KEY | Raises the NVD rate limit. | NVD moves from 5 requests per 30 seconds to 50 requests per 30 seconds. |
GITHUB_TOKEN | Raises GitHub API rate limits and unlocks advisory and exploit lookups. | A personal access token with no special scopes is enough for the documented flow. |
ABUSEIPDB_KEY | Authenticates AbuseIPDB queries. | Required for lookup_ip_reputation. |
VIRUSTOTAL_KEY | Authenticates VirusTotal queries. | Required for virustotal_lookup. |
URLSCAN_KEY | Authenticates URLScan.io queries. | Required for URL submissions. |
SHODAN_KEY | Authenticates Shodan lookups. | Required for shodan_host_lookup. |
GREYNOISE_API_KEY | Authenticates GreyNoise queries. | The server uses the /v3/ip/{ip} endpoint. |
CIRCL_PDNS_USER | Supplies the CIRCL Passive DNS username. | CIRCL access requires partner registration. |
CIRCL_PDNS_PASS | Supplies the CIRCL Passive DNS password. | Pair this value with CIRCL_PDNS_USER. |
ABUSECH_AUTH_KEY | Authenticates Abuse.ch lookups. | Enables higher-confidence MalwareBazaar and ThreatFox access for search_malware and search_iocs. |
CACHE_DB_PATH | Overrides the SQLite cache location. | The default path is ~/.cve-mcp/cache.db. |
AUDIT_LOG_PATH | Overrides the audit log location. | The default path is ~/.cve-mcp/audit.log. |
REQUEST_TIMEOUT | Sets the HTTP timeout in seconds. | The default value is 30. |
MAX_RETRIES | Sets the retry count for transient failures. | The default value is 3. |
Add API keys in a practical order
The server can start with zero keys. Eight tools work in key-free mode: EPSS, CISA KEV, OSV.dev, MITRE ATT&CK, CWE lookups, CVSS parsing, Ransomwhere, and NVD at a lower rate.
| Priority | Variables | What they unlock | Free tier notes |
|---|---|---|---|
| Tier 1 | NVD_API_KEY, GITHUB_TOKEN | Faster NVD queries, GitHub Advisory search, exploit PoC search | NVD: 50 requests per 30 seconds with key. GitHub: 5,000 requests per hour with token. GitHub drops to 60 requests per hour when the token is absent. |
| Tier 2 | ABUSEIPDB_KEY, VIRUSTOTAL_KEY, GREYNOISE_API_KEY, SHODAN_KEY | IP reputation, malware verdicts, scan activity, host reconnaissance | AbuseIPDB: 1,000 checks per day. VirusTotal: 500 per day and 4 per minute. GreyNoise: 50 queries per week on the community tier. |
| Tier 3 | URLSCAN_KEY, CIRCL_PDNS_USER, CIRCL_PDNS_PASS, ABUSECH_AUTH_KEY | URL scanning, historical DNS intelligence, MalwareBazaar search, ThreatFox IOC search | URLScan.io: 5,000 public scans per day. CIRCL access needs approval. Abuse.ch authentication is optional. |
Connect the server to Claude Desktop
macOS path:
~/Library/Application Support/Claude/claude_desktop_config.jsonWindows path:
%APPDATA%\Claude\claude_desktop_config.jsonUse absolute paths in the config:
{
"mcpServers": {
"cve-mcp": {
"command": "python",
"args": ["-m", "cve_mcp.server"],
"cwd": "/absolute/path/to/cve-mcp-server",
"env": {
"NVD_API_KEY": "your-key-here",
"GITHUB_TOKEN": "ghp_xxxxxxxxxxxxxxxxxxxx",
"ABUSEIPDB_KEY": "your-abuseipdb-key",
"GREYNOISE_API_KEY": "your-greynoise-key",
"SHODAN_KEY": "your-shodan-key"
}
}
}
}Connect the server to Claude Code
Claude Code can register the server from the shell:
claude mcp add cve-mcp -- python -m cve_mcp.serverClaude Code can load environment variables from .env:
claude mcp add cve-mcp --env-file .env -- python -m cve_mcp.serverCheck the registration list with:
claude mcp listRun the first queries
A no-key setup can answer common CVE questions right away. Start with prompts such as:
What is CVE-2021-44228? Is it actively exploited?The server can answer this request. It queries NVD, EPSS, and CISA KEV.
A package scan prompt can start with:
Scan these Python packages for vulnerabilities: requests 2.28.0, flask 2.2.0, django 3.2.0A higher-fidelity patching prompt can start with:
Calculate the risk score for CVE-2024-3400 and tell me if we should patch immediately.Available MCP Tools
| Tool | Example input pattern |
|---|---|
lookup_cve | lookup_cve("CVE-2024-3400") |
search_cves | search_cves(keyword="Apache Log4j", severity="CRITICAL") |
get_epss_score | get_epss_score("CVE-2024-3400") |
check_kev_status | check_kev_status("CVE-2021-44228") |
get_cvss_details | get_cvss_details("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H") |
get_cwe_info | get_cwe_info("CWE-79") |
get_cve_references | get_cve_references("CVE-2023-44487") |
bulk_cve_lookup | bulk_cve_lookup(["CVE-2024-3400", "CVE-2023-44487"]) |
search_exploits | search_exploits("CVE-2024-3400") |
get_mitre_techniques | get_mitre_techniques("CVE-2021-44228") |
check_poc_availability | check_poc_availability("CVE-2024-3400") |
get_attack_patterns | get_attack_patterns("CWE-89") |
calculate_risk_score | calculate_risk_score("CVE-2024-3400") |
generate_risk_report | generate_risk_report(["CVE-2024-3400", "CVE-2023-44487"]) |
prioritize_cves | prioritize_cves(["CVE-2024-3400", "CVE-2023-4966", "CVE-2023-44487"]) |
get_trending_cves | get_trending_cves(days=7, min_epss=0.5) |
lookup_ip_reputation | lookup_ip_reputation("185.220.101.34") |
check_ip_noise | check_ip_noise("185.220.101.34") |
shodan_host_lookup | shodan_host_lookup("8.8.8.8") |
passive_dns_lookup | passive_dns_lookup("example.com") |
virustotal_lookup | virustotal_lookup(hash="44d88612fea8a8f36de82e1278abb02f") |
search_malware | search_malware(tag="Emotet") |
search_iocs | search_iocs(malware="CobaltStrike") |
check_ransomware | check_ransomware(address="bc1q...") |
scan_dependencies | scan_dependencies(ecosystem="PyPI", packages={"requests": "2.28.0"}) |
scan_github_advisories | scan_github_advisories(ecosystem="pip", package="django") |
urlscan_check | urlscan_check("https://suspicious-site.com") |
FAQs
Q: Which Claude clients can run CVE MCP Server?
A: Claude Desktop and Claude Code are the documented host environments. The transport uses stdio.
Q: Can the server run with no API keys?
A: Yes. EPSS, CISA KEV, OSV.dev, MITRE ATT&CK, CWE lookups, CVSS parsing, Ransomwhere, and lower-rate NVD access work in key-free mode.
Q: Which key should I add first?
A: NVD_API_KEY is the strongest first step. It raises NVD throughput from 5 requests per 30 seconds to 50 requests per 30 seconds.
Q: What does the risk score measure?
A: The risk score combines CVSS severity, EPSS exploitation probability, CISA KEV status, and proof-of-concept availability into one 0-100 number.
Q: Does the server scan my network or hosts directly?
A: No. The server performs intelligence lookups against external APIs. It does not probe internal infrastructure.
Q: Where does the server store its local data?
A: The default cache path is ~/.cve-mcp/cache.db. The default audit log path is ~/.cve-mcp/audit.log.
Q: Which IP ranges does the server block?
A: The documented blocked ranges include 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16, ::1, and fc00::/7.
Q: Can the server calculate CVSS v4.0 scores on its own?
A: No. The local calculator handles CVSS v3.1. The server can still display CVSS v4.0 values returned by NVD.
Q: Can the server help with dependency triage?
A: Yes. scan_dependencies checks package versions against OSV.dev. scan_github_advisories adds GitHub advisory context for package ecosystems.
Latest MCP Servers
CVE
WebMCP
webmcp is an MCP server that connects MCP clients to web search, page fetching, and local LLM-based extraction. It’s ideal…
Google Meta Ads GA4
Featured MCP Servers
Notion
Claude Peers
Excalidraw
FAQs
Q: What exactly is the Model Context Protocol (MCP)?
A: MCP is an open standard, like a common language, that lets AI applications (clients) and external data sources or tools (servers) talk to each other. It helps AI models get the context (data, instructions, tools) they need from outside systems to give more accurate and relevant responses. Think of it as a universal adapter for AI connections.
Q: How is MCP different from OpenAI's function calling or plugins?
A: While OpenAI's tools allow models to use specific external functions, MCP is a broader, open standard. It covers not just tool use, but also providing structured data (Resources) and instruction templates (Prompts) as context. Being an open standard means it's not tied to one company's models or platform. OpenAI has even started adopting MCP in its Agents SDK.
Q: Can I use MCP with frameworks like LangChain?
A: Yes, MCP is designed to complement frameworks like LangChain or LlamaIndex. Instead of relying solely on custom connectors within these frameworks, you can use MCP as a standardized bridge to connect to various tools and data sources. There's potential for interoperability, like converting MCP tools into LangChain tools.
Q: Why was MCP created? What problem does it solve?
A: It was created because large language models often lack real-time information and connecting them to external data/tools required custom, complex integrations for each pair. MCP solves this by providing a standard way to connect, reducing development time, complexity, and cost, and enabling better interoperability between different AI models and tools.
Q: Is MCP secure? What are the main risks?
A: Security is a major consideration. While MCP includes principles like user consent and control, risks exist. These include potential server compromises leading to token theft, indirect prompt injection attacks, excessive permissions, context data leakage, session hijacking, and vulnerabilities in server implementations. Implementing robust security measures like OAuth 2.1, TLS, strict permissions, and monitoring is crucial.
Q: Who is behind MCP?
A: MCP was initially developed and open-sourced by Anthropic. However, it's an open standard with active contributions from the community, including companies like Microsoft and VMware Tanzu who maintain official SDKs.
