CVE Intelligence Server
FreeNot checkedProvides multi-source vulnerability intelligence for AI-powered security operations, combining NVD CVSS, CISA KEV, and EPSS scores without requiring an API key.
About
Provides multi-source vulnerability intelligence for AI-powered security operations, combining NVD CVSS, CISA KEV, and EPSS scores without requiring an API key.
README
A Model Context Protocol (MCP) server that provides multi-source vulnerability intelligence for AI-powered security operations. Combines three free, authoritative data sources into a single unified interface — no API key required.
"Should I panic about this CVE?" — This server answers that question.
Why This Server?
Most CVE tools give you just a CVSS score. But security teams need to know:
- How severe is it? → CVSS score (from NVD)
- Is it being exploited RIGHT NOW? → CISA KEV catalog
- How LIKELY is exploitation? → EPSS probability score
This server combines all three into a single risk verdict.
┌─────────────────────────────────────────────────────────┐
│ mcp-server-cve-intel │
│ │
│ ┌─────────────┐ ┌──────────────┐ ┌───────────────┐ │
│ │ NVD (NIST) │ │ CISA KEV │ │ EPSS │ │
│ │ CVE details │ │ Known │ │ Exploit │ │
│ │ CVSS scores │ │ Exploited │ │ Prediction │ │
│ │ References │ │ Vulns catalog│ │ Probability │ │
│ └──────┬──────┘ └──────┬───────┘ └───────┬───────┘ │
│ └────────────────┼──────────────────┘ │
│ ▼ │
│ 🎯 UNIFIED RISK VERDICT │
│ "CVE-2021-44228: CVSS 10.0, ACTIVELY EXPLOITED, │
│ 97.5% chance of exploitation → 🚨 PATCH NOW" │
└─────────────────────────────────────────────────────────┘
Features
- 🔍 CVE Lookup — Full intelligence report from 3 sources for any CVE
- 🔎 CVE Search — Search vulnerabilities by keyword (product, vendor, type)
- 🚨 CISA KEV Feed — Latest actively exploited vulnerabilities
- 📊 EPSS Scores — Exploit probability predictions (next 30 days)
- 🎯 Risk Verdicts — Automated risk scoring combining all factors
- 🆓 No API Key Required — All data sources are free and public
- 🏠 Local + Remote — Supports both stdio and SSE transport
Quick Start
1. Install
git clone https://github.com/gopichand458/mcp-server-cve-intel.git
cd mcp-server-cve-intel
pip install -r requirements.txt
2. Run Local (for Claude Desktop)
python server.py
Add to your claude_desktop_config.json:
{
"mcpServers": {
"cve-intel": {
"command": "python",
"args": ["/FULL/PATH/TO/mcp-server-cve-intel/server.py"]
}
}
}
3. Run Remote (shareable SSE server)
python server.py --remote
# → Available at http://localhost:8000/sse
Optional: NVD API Key (for higher rate limits)
The server works without an API key, but NVD limits unauthenticated requests to 5 per 30 seconds. Get a free key for 50 requests/30 sec:
# Request key at: https://nvd.nist.gov/developers/request-an-api-key
export NVD_API_KEY="your-key-here"
python server.py
Tools
cve_lookup — Full CVE Intelligence Report
Get comprehensive intelligence for a specific CVE combining all 3 sources.
Input: cve_lookup(cve_id="CVE-2021-44228")
Output: {
"cve_id": "CVE-2021-44228",
"description": "Apache Log4j2 <=2.14.1 JNDI features...",
"cvss_score": 10.0,
"severity": "CRITICAL",
"epss": {
"score_percent": "97.5%",
"interpretation": "🔴 CRITICAL — Very high probability of exploitation"
},
"cisa_kev": {
"in_kev_catalog": true,
"actively_exploited": true,
"known_ransomware_use": "Known"
},
"risk_verdict": {
"overall": "🚨 CRITICAL — Immediate action required. Patch NOW.",
"risk_score": "100/100",
"risk_factors": [
"🔴 CVSS Critical (9.0+)",
"🔴 ACTIVELY EXPLOITED (in CISA KEV)",
"🔴 USED IN RANSOMWARE CAMPAIGNS",
"🔴 EPSS 97.5% — Very likely to be exploited"
]
}
}
cve_search — Search by Keyword
Input: cve_search(keyword="Microsoft Exchange", limit=5)
Output: List of matching CVEs with CVSS scores and severity
cve_recent_kev — Actively Exploited Vulnerabilities
Input: cve_recent_kev(limit=10)
Output: Latest additions to CISA's Known Exploited Vulnerabilities catalog
cve_epss_score — Exploit Probability
Input: cve_epss_score(cve_id="CVE-2024-3094")
Output: EPSS score with probability and percentile interpretation
Resources
| URI | Description |
|---|---|
cve-intel://about |
Server info and data source details |
cve-intel://severity-guide |
CVSS/EPSS/KEV interpretation guide |
Prompts
| Prompt | Description |
|---|---|
vulnerability_assessment |
Guided CVE assessment workflow |
threat_briefing |
Current threat landscape briefing |
Example Conversations
After connecting to Claude Desktop:
You: "Tell me about CVE-2024-3094"
Claude: calls cve_lookup → Provides full report with CVSS, EPSS, exploitation status, and risk verdict
You: "What's being actively exploited right now?"
Claude: calls cve_recent_kev → Lists latest CISA KEV additions with remediation guidance
You: "Find vulnerabilities in Apache Struts and tell me which to patch first"
Claude: calls cve_search + cve_epss_score → Searches, ranks by EPSS, recommends priority
Data Sources
| Source | What It Provides | Rate Limit | Auth |
|---|---|---|---|
| NVD (NIST) | CVE details, CVSS scores, CWEs, references | 5 req/30s (free), 50/30s (with key) | Optional |
| CISA KEV | Actively exploited CVEs, remediation deadlines | Unlimited | None |
| EPSS (FIRST.org) | Exploit probability (0-100%) for next 30 days | Unlimited | None |
Compatibility
| Client | Supported |
|---|---|
| Claude Desktop | ✅ (stdio) |
| Claude Code | ✅ |
| Cursor | ✅ |
| VS Code + Copilot | ✅ |
| Any MCP client | ✅ |
Project Structure
mcp-server-cve-intel/
├── server.py # MCP server — tools, resources, prompts
├── cve_client.py # Multi-source CVE intelligence client
├── requirements.txt # Dependencies
├── LICENSE # MIT License
├── .gitignore
└── README.md # This file
Contributing
Contributions welcome! Some ideas:
- Add more data sources (OSV, GitHub Security Advisories)
- Add caching for CISA KEV (it's a large JSON file)
- Add a
cve_comparetool for side-by-side comparison - Docker support
- PyPI packaging
Author
GKonakala — github.com/gopichand458
License
MIT License — see LICENSE for details.
Disclaimer
Disclaimer
This product uses the NVD API but is not endorsed or certified by the NVD.
This tool aggregates publicly available vulnerability data for security research and operational purposes. It is not affiliated with NIST, CISA, or FIRST.org. Always verify critical findings through official sources.
Built with Model Context Protocol by Anthropic
Installing CVE Intelligence Server
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/gopichand458/mcp-server-cve-intelFAQ
Is CVE Intelligence Server MCP free?
Yes, CVE Intelligence Server MCP is free — one-click install via Unyly at no cost.
Does CVE Intelligence Server need an API key?
No, CVE Intelligence Server runs without API keys or environment variables.
Is CVE Intelligence Server hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install CVE Intelligence Server in Claude Desktop, Claude Code or Cursor?
Open CVE Intelligence Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
by modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
by xuzexin-hzCompare CVE Intelligence Server with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All ai MCPs
