Command Palette

Search for a command to run...

UnylyUnyly
Browse all

CVE Intelligence Server

FreeNot checked

Provides multi-source vulnerability intelligence for AI-powered security operations, combining NVD CVSS, CISA KEV, and EPSS scores without requiring an API key.

GitHubEmbed

About

Provides multi-source vulnerability intelligence for AI-powered security operations, combining NVD CVSS, CISA KEV, and EPSS scores without requiring an API key.

README

A Model Context Protocol (MCP) server that provides multi-source vulnerability intelligence for AI-powered security operations. Combines three free, authoritative data sources into a single unified interface — no API key required.

"Should I panic about this CVE?" — This server answers that question.

Why This Server?

Most CVE tools give you just a CVSS score. But security teams need to know:

  • How severe is it? → CVSS score (from NVD)
  • Is it being exploited RIGHT NOW? → CISA KEV catalog
  • How LIKELY is exploitation? → EPSS probability score

This server combines all three into a single risk verdict.

┌─────────────────────────────────────────────────────────┐
│           mcp-server-cve-intel                           │
│                                                          │
│  ┌─────────────┐  ┌──────────────┐  ┌───────────────┐  │
│  │ NVD (NIST)  │  │ CISA KEV     │  │  EPSS         │  │
│  │ CVE details │  │ Known        │  │  Exploit      │  │
│  │ CVSS scores │  │ Exploited    │  │  Prediction   │  │
│  │ References  │  │ Vulns catalog│  │  Probability  │  │
│  └──────┬──────┘  └──────┬───────┘  └───────┬───────┘  │
│         └────────────────┼──────────────────┘           │
│                          ▼                               │
│              🎯 UNIFIED RISK VERDICT                     │
│   "CVE-2021-44228: CVSS 10.0, ACTIVELY EXPLOITED,      │
│    97.5% chance of exploitation → 🚨 PATCH NOW"         │
└─────────────────────────────────────────────────────────┘

Features

  • 🔍 CVE Lookup — Full intelligence report from 3 sources for any CVE
  • 🔎 CVE Search — Search vulnerabilities by keyword (product, vendor, type)
  • 🚨 CISA KEV Feed — Latest actively exploited vulnerabilities
  • 📊 EPSS Scores — Exploit probability predictions (next 30 days)
  • 🎯 Risk Verdicts — Automated risk scoring combining all factors
  • 🆓 No API Key Required — All data sources are free and public
  • 🏠 Local + Remote — Supports both stdio and SSE transport

Quick Start

1. Install

git clone https://github.com/gopichand458/mcp-server-cve-intel.git
cd mcp-server-cve-intel
pip install -r requirements.txt

2. Run Local (for Claude Desktop)

python server.py

Add to your claude_desktop_config.json:

{
    "mcpServers": {
        "cve-intel": {
            "command": "python",
            "args": ["/FULL/PATH/TO/mcp-server-cve-intel/server.py"]
        }
    }
}

3. Run Remote (shareable SSE server)

python server.py --remote
# → Available at http://localhost:8000/sse

Optional: NVD API Key (for higher rate limits)

The server works without an API key, but NVD limits unauthenticated requests to 5 per 30 seconds. Get a free key for 50 requests/30 sec:

# Request key at: https://nvd.nist.gov/developers/request-an-api-key
export NVD_API_KEY="your-key-here"
python server.py

Tools

cve_lookup — Full CVE Intelligence Report

Get comprehensive intelligence for a specific CVE combining all 3 sources.

Input:  cve_lookup(cve_id="CVE-2021-44228")

Output: {
  "cve_id": "CVE-2021-44228",
  "description": "Apache Log4j2 <=2.14.1 JNDI features...",
  "cvss_score": 10.0,
  "severity": "CRITICAL",
  "epss": {
    "score_percent": "97.5%",
    "interpretation": "🔴 CRITICAL — Very high probability of exploitation"
  },
  "cisa_kev": {
    "in_kev_catalog": true,
    "actively_exploited": true,
    "known_ransomware_use": "Known"
  },
  "risk_verdict": {
    "overall": "🚨 CRITICAL — Immediate action required. Patch NOW.",
    "risk_score": "100/100",
    "risk_factors": [
      "🔴 CVSS Critical (9.0+)",
      "🔴 ACTIVELY EXPLOITED (in CISA KEV)",
      "🔴 USED IN RANSOMWARE CAMPAIGNS",
      "🔴 EPSS 97.5% — Very likely to be exploited"
    ]
  }
}

cve_search — Search by Keyword

Input:  cve_search(keyword="Microsoft Exchange", limit=5)
Output: List of matching CVEs with CVSS scores and severity

cve_recent_kev — Actively Exploited Vulnerabilities

Input:  cve_recent_kev(limit=10)
Output: Latest additions to CISA's Known Exploited Vulnerabilities catalog

cve_epss_score — Exploit Probability

Input:  cve_epss_score(cve_id="CVE-2024-3094")
Output: EPSS score with probability and percentile interpretation

Resources

URI Description
cve-intel://about Server info and data source details
cve-intel://severity-guide CVSS/EPSS/KEV interpretation guide

Prompts

Prompt Description
vulnerability_assessment Guided CVE assessment workflow
threat_briefing Current threat landscape briefing

Example Conversations

After connecting to Claude Desktop:

You: "Tell me about CVE-2024-3094"

Claude: calls cve_lookup → Provides full report with CVSS, EPSS, exploitation status, and risk verdict

You: "What's being actively exploited right now?"

Claude: calls cve_recent_kev → Lists latest CISA KEV additions with remediation guidance

You: "Find vulnerabilities in Apache Struts and tell me which to patch first"

Claude: calls cve_search + cve_epss_score → Searches, ranks by EPSS, recommends priority

Data Sources

Source What It Provides Rate Limit Auth
NVD (NIST) CVE details, CVSS scores, CWEs, references 5 req/30s (free), 50/30s (with key) Optional
CISA KEV Actively exploited CVEs, remediation deadlines Unlimited None
EPSS (FIRST.org) Exploit probability (0-100%) for next 30 days Unlimited None

Compatibility

Client Supported
Claude Desktop ✅ (stdio)
Claude Code
Cursor
VS Code + Copilot
Any MCP client

Project Structure

mcp-server-cve-intel/
├── server.py           # MCP server — tools, resources, prompts
├── cve_client.py       # Multi-source CVE intelligence client
├── requirements.txt    # Dependencies
├── LICENSE             # MIT License
├── .gitignore
└── README.md           # This file

Contributing

Contributions welcome! Some ideas:

  • Add more data sources (OSV, GitHub Security Advisories)
  • Add caching for CISA KEV (it's a large JSON file)
  • Add a cve_compare tool for side-by-side comparison
  • Docker support
  • PyPI packaging

Author

GKonakalagithub.com/gopichand458

License

MIT License — see LICENSE for details.

Disclaimer

Disclaimer

This product uses the NVD API but is not endorsed or certified by the NVD.

This tool aggregates publicly available vulnerability data for security research and operational purposes. It is not affiliated with NIST, CISA, or FIRST.org. Always verify critical findings through official sources.


Built with Model Context Protocol by Anthropic

from github.com/gopichand458/mcp-server-cve-intel

Installing CVE Intelligence Server

This server has no published package — it is built from source. Open the repository and follow its README.

▸ github.com/gopichand458/mcp-server-cve-intel

FAQ

Is CVE Intelligence Server MCP free?

Yes, CVE Intelligence Server MCP is free — one-click install via Unyly at no cost.

Does CVE Intelligence Server need an API key?

No, CVE Intelligence Server runs without API keys or environment variables.

Is CVE Intelligence Server hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install CVE Intelligence Server in Claude Desktop, Claude Code or Cursor?

Open CVE Intelligence Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare CVE Intelligence Server with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All ai MCPs