Cve Lookup
БесплатноНе проверенProvides live CVE data from NVD and EPSS without API key, enabling AI assistants to look up CVSS scores, search vulnerabilities, and check product CVEs.
Описание
Provides live CVE data from NVD and EPSS without API key, enabling AI assistants to look up CVSS scores, search vulnerabilities, and check product CVEs.
README
An MCP server that gives AI assistants live access to CVE data from the National Vulnerability Database (NVD) and FIRST EPSS — no API key required.
Built for use with Claude Code and any other Model Context Protocol compatible client.
Tools
| Tool | Description |
|---|---|
lookup_cve |
Full details for a CVE — CVSS score, description, affected products, EPSS exploitation probability, references |
search_cves |
Search NVD by keyword with optional severity and year filters |
check_product_cves |
Find all HIGH/CRITICAL CVEs for a vendor/product (useful during version fingerprinting) |
Example prompts
Look up CVE-2022-41352
Search for critical Zimbra RCE vulnerabilities from 2022
Check CVEs for apache struts
Installation
Option 1 — pipx (recommended)
pipx install cve-lookup-mcp
Option 2 — pip
pip install cve-lookup-mcp
Option 3 — run from source
git clone https://github.com/Aashish-32/cve-lookup-mcp
cd cve-lookup-mcp
pip install -e .
Configuration
Add to your ~/.claude.json (Claude Code) or equivalent MCP client config:
{
"mcpServers": {
"cve-lookup": {
"command": "cve-lookup-mcp",
"args": []
}
}
}
If installed from source, point directly at the script:
{
"mcpServers": {
"cve-lookup": {
"command": "python3",
"args": ["/path/to/cve-lookup-mcp/src/cve_lookup_mcp/server.py"]
}
}
}
Restart your MCP client after adding the config.
Data sources
| Source | What it provides | Rate limit |
|---|---|---|
| NVD API v2 | CVE details, CVSS scores, affected products | ~5 req/30s (no key), 50 req/30s (with key) |
| FIRST EPSS API | Exploitation probability score | None |
NVD API key (optional)
Without a key, NVD allows roughly 5 requests per 30 seconds. For heavier use, request a free API key from NVD and set it as an environment variable:
{
"mcpServers": {
"cve-lookup": {
"command": "cve-lookup-mcp",
"env": {
"NVD_API_KEY": "your-key-here"
}
}
}
}
Development
git clone https://github.com/Aashish-32/cve-lookup-mcp
cd cve-lookup-mcp
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
Run the server manually (stdio mode):
cve-lookup-mcp
Test with a raw JSON-RPC call:
echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test","version":"1"}}}' \
| cve-lookup-mcp
License
MIT
Установка Cve Lookup
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/Aashish-32/cve-lookup-mcpFAQ
Cve Lookup MCP бесплатный?
Да, Cve Lookup MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Cve Lookup?
Нет, Cve Lookup работает без API-ключей и переменных окружения.
Cve Lookup — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Cve Lookup в Claude Desktop, Claude Code или Cursor?
Открой Cve Lookup на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare Cve Lookup with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
