CVE Search Server
БесплатноНе проверенEnables searching and analyzing CVEs and vulnerabilities from multiple sources, optimized for PR review scenarios to help developers identify the latest securit
Описание
Enables searching and analyzing CVEs and vulnerabilities from multiple sources, optimized for PR review scenarios to help developers identify the latest security issues.
README
A Model Context Protocol (MCP) server for CVE and vulnerability searching, optimized for PR review scenarios. Helps developers and security teams identify the latest CVEs and vulnerabilities — including those that postdate an LLM's training data.
Features
- 8 tools covering CVE lookup, bulk scanning, keyword search, product search, recent CVEs, high-severity alerts, database stats, and detailed CVSS breakdowns
- Multi-source: NVD, GitHub Advisory, OSV, CIRCL — searched concurrently and deduplicated
- Smart normalization: "Node.js", "Spring Boot", "log4j2" all resolve correctly
- Optional auth:
GITHUB_TOKENandNVD_API_KEYfor higher rate limits - 3 transports: stdio (default), SSE, Streamable HTTP
Installation
Prerequisites
- Python 3.10+
- uv package manager
Install
cd cve-search
uv sync
Development Setup
uv sync --extra dev
uv run --extra dev pytest
uv run black src/
uv run ruff check src/
Configuration
| Env Var | Default | Description |
|---|---|---|
GITHUB_TOKEN |
none | GitHub personal access token. Raises GitHub Advisory API rate limit from 60 to 5000 req/hr. |
NVD_API_KEY |
none | NVD API key. Raises rate limit from 5 to 50 req/30s. Get one at nvd.nist.gov. |
CVE_SEARCH_TIMEOUT |
20 |
HTTP request timeout in seconds. |
CVE_SEARCH_MAX_RESULTS |
100 |
Maximum results returned per tool call. |
Running
# stdio (default — for Claude Desktop/IDE)
uv run python main.py
# SSE
uv run python main.py --transport sse --host 127.0.0.1 --port 8000
# Streamable HTTP (MCP spec 2025-06-18+)
uv run python main.py --transport streamable-http --host 127.0.0.1 --port 8000
Claude Desktop Config
{
"mcpServers": {
"cve-search": {
"command": "uv",
"args": ["--directory", "/path/to/cve-search", "run", "python", "main.py"],
"env": {
"GITHUB_TOKEN": "your-token-here",
"NVD_API_KEY": "your-key-here"
}
}
}
}
Tools
| Tool | Description | Speed |
|---|---|---|
search_cve_by_id |
Look up a specific CVE by ID (e.g. CVE-2021-44228) | Fast |
bulk_cve_lookup |
Look up up to 20 CVE IDs in one call — ideal for scanning PR dependency lists | Fast |
search_vulnerabilities_by_product |
Search by vendor/product name (e.g. vendor="apache", product="struts") | Slow (10-15s) |
get_recent_cves |
Get CVEs from the last N days | Fast |
check_high_severity_cves |
Get CVSS ≥ 7.0 CVEs from the last N days | Fast |
search_by_keyword |
Smart multi-source keyword search (NVD + GitHub Advisory + OSV) | Fast |
get_vulnerability_stats |
Database stats: total CVE count, last updated timestamp | Fast |
cvss_score_lookup |
Detailed CVSS v3/v4 breakdown for a CVE (base score, vector string, per-metric) | Fast |
PR Review Workflow
Scan a list of CVE IDs from a dependency audit
bulk_cve_lookup(["CVE-2021-44228", "CVE-2023-44487", "CVE-2024-12345"])
Search for vulnerabilities in a technology being introduced
search_by_keyword("spring boot")
Check high-severity CVEs published this week
check_high_severity_cves(7)
Get detailed CVSS breakdown for a flagged CVE
cvss_score_lookup("CVE-2021-44228")
Project Structure
cve-search/
├── src/mcp_server_cve_search/
│ ├── config.py # Config from env vars
│ ├── server.py # FastMCP app + transport dispatch
│ ├── tools/ # One module per tool group
│ │ ├── cve_lookup.py # search_cve_by_id, bulk_cve_lookup
│ │ ├── product_search.py
│ │ ├── recent_cves.py # get_recent_cves, check_high_severity_cves
│ │ ├── keyword_search.py
│ │ ├── stats.py # get_vulnerability_stats
│ │ └── cvss.py # cvss_score_lookup
│ ├── sources/ # One client per API
│ │ ├── circl.py # CIRCL CVE Search
│ │ ├── nvd.py # NVD/NIST (optional API key)
│ │ ├── github.py # GitHub Advisory (optional token)
│ │ └── osv.py # OSV (Google)
│ └── utils/
│ ├── severity.py # CVSS score helpers
│ ├── normalization.py # Keyword normalization + tech mappings
│ └── formatting.py # Summary/alert formatting
├── tests/
├── examples/
├── main.py
├── test_server.py # Manual live-API integration test
└── pyproject.toml
Data Sources
| Source | URL | Notes |
|---|---|---|
| CIRCL CVE Search | cve.circl.lu | Primary source; no auth required |
| NVD (NIST) | nvd.nist.gov | Richest CVSS data; optional API key |
| GitHub Advisory | github.com/advisories | Optional token for higher rate limits |
| OSV (Google) | osv.dev | Open source vulnerability database |
License
MIT License
Установка CVE Search Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/Arnabdaz/CVE-Search-MCPFAQ
CVE Search Server MCP бесплатный?
Да, CVE Search Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для CVE Search Server?
Нет, CVE Search Server работает без API-ключей и переменных окружения.
CVE Search Server — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить CVE Search Server в Claude Desktop, Claude Code или Cursor?
Открой CVE Search Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare CVE Search Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
