cve-mcp-server
by mukul975·★ 566·Score 53
Production-grade MCP server providing Claude with 27 security intelligence tools across 21 APIs for CVE research and threat analysis.
Overview
CVE MCP Server is a comprehensive security intelligence toolset that transforms Claude into a full-spectrum security analyst. It integrates 27 tools across 21 APIs, including NVD, EPSS, CISA KEV, MITRE ATT&CK, Shodan, VirusTotal, and more. The server queries multiple security sources in parallel and calculates composite risk scores, eliminating the need for manual cross-referencing. Built in Python on the FastMCP framework, it includes rate limiting, response caching, and SQLite storage for efficient operation. It maintains privacy by blocking private IP lookups and processing only outbound HTTPS traffic.
When to choose this
Choose this server if you need comprehensive security intelligence capabilities including CVE analysis, threat intelligence, and network security tools in a single MCP server.
When NOT to choose this
Avoid if you need real-time threat detection capabilities or require integration with SIEM systems, as this is focused on intelligence gathering rather than active monitoring.
Tools this server exposes
12 tools extracted from the README
- lookup_cve: Fetch detailed CVE record from NVD including CVSS scores, CWEs, affected products, references, and timeline
- search_cves: Search NVD for CVEs by keyword, product name, severity, or date range
- get_epss_score: Get EPSS exploitation probability (0–1) and percentile for one or more CVEs
- check_kev_status: Check whether a CVE appears in CISA's Known Exploited Vulnerabilities catalog
- calculate_risk_score: Compute composite 0–100 risk score using CVSS, EPSS, KEV status, and PoC availability
- generate_risk_report: Generate a formatted executive security report for one or more CVEs with recommendations
- lookup_ip_reputation: Check IP address abuse history and confidence score via AbuseIPDB
- virustotal_lookup: Analyze file hashes, URLs, domains, or IPs against 70+ antivirus engines
- scan_dependencies: Scan package names and versions against OSV.dev for known vulnerabilities
- search_exploits: Search GitHub for public proof-of-concept exploits and exploit code repositories
- get_mitre_techniques: Map a CVE or CWE to relevant MITRE ATT&CK techniques, tactics, and mitigations
- shodan_host_lookup: Get open ports, services, banners, and vulnerabilities for an IP via Shodan
Installation
Prerequisites
- Python 3.10+ (3.11 or 3.12 recommended)
- pip or uv package manager
- Git for cloning the repository
- A terminal with access to environment variables
Step-by-step setup
# 1. Clone the repository
git clone https://github.com/mukul975/cve-mcp-server.git
cd cve-mcp-server
# 2. Create and activate a virtual environment
python -m venv venv
# macOS / Linux:
source venv/bin/activate
# Windows (PowerShell):
.\venv\Scripts\Activate.ps1
# 3. Install dependencies
pip install -e .
# 4. Copy and configure environment variables
cp .env.example .env
# Edit .env with your API keys
Claude Desktop Configuration
Add to claude_desktop_config.json:
{
  "mcpServers": {
    "cve": {
      "command": "python",
      "args": ["-m", "cve_mcp_server"],
      "env": {
        "CVE_MCP_SERVER_API_KEYS": "YOUR_API_KEYS_HERE"
      }
    }
  }
}
FAQ
- Do I need API keys for all the tools?
- No. Most tools work without API keys, but with lower rate limits. Keys are recommended for production use or high-volume queries.
- How does the composite risk scoring work?
- The risk score (0-100) combines CVSS severity, EPSS probability, CISA KEV status, PoC availability, and other factors into a normalized metric.
- Is any sensitive data stored or logged?
- The server maintains a local SQLite cache for performance but never logs API keys or sensitive data. Private IP addresses are blocked from all tools.
Last updated · Auto-generated from public README + GitHub signals.