Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

EUVD

БесплатноНе проверен

MCP server for the European Union Vulnerability Database (EUVD) maintained by ENISA. Enables searching for vulnerabilities with flexible filters, fetching lates

GitHubEmbed

Описание

MCP server for the European Union Vulnerability Database (EUVD) maintained by ENISA. Enables searching for vulnerabilities with flexible filters, fetching latest, critical, and exploited vulnerabilities, and looking up specific vulnerabilities and advisories by ID.

README

MCP server for the European Union Vulnerability Database (EUVD) maintained by ENISA.

Features

  • Search vulnerabilities with flexible filters (CVSS, EPSS, dates, product, vendor, exploited status, etc.)
  • Get latest, critical, and exploited vulnerabilities
  • Lookup specific vulnerabilities and advisories by ID
  • Automatic retries with exponential backoff
  • Bounded TTL cache (cachetools.TTLCache) for list endpoints
  • Structured logging (always to stderr — safe for stdio transport)
  • /health liveness endpoint and /metrics observability endpoint (HTTP mode)
  • Startup connectivity check to the EUVD API
  • Two transport modes: HTTP (standalone/Docker) and stdio (subprocess/Claude Desktop)

Requirements

Installation

git clone <repository-url>
cd euvdmcp
poetry install

Copy the example environment file and adjust as needed:

cp .env.template .env

Configuration

All settings are read from environment variables (or a .env file at the project root).

Variable Default Description
TRANSPORT http Transport mode: http or stdio
HOST 127.0.0.1 Server bind address (HTTP mode only)
PORT 8000 Server port (HTTP mode only)
EUVD_BASE_URL https://euvdservices.enisa.europa.eu EUVD API base URL
EUVD_TIMEOUT 30 HTTP request timeout (seconds)
EUVD_MAX_RETRIES 3 Max retries on transient failures
CACHE_TTL 30 TTL for cached list responses (seconds)
CACHE_MAX_SIZE 128 Maximum entries in the response cache
LOG_LEVEL INFO Logging level (DEBUG, INFO, WARNING, ERROR)
USER_AGENT euvd-mcp-tool User-Agent header sent to the EUVD API

Running

uvicorn (recommended)

uvicorn euvd_mcp.main:app --host 127.0.0.1 --port 8000

With live reload during development:

uvicorn euvd_mcp.main:app --host 127.0.0.1 --port 8000 --reload

Poetry

poetry run python -m euvd_mcp.main

Server runs on http://127.0.0.1:8000/mcp by default.

Docker

Build the image:

make docker-build

Run with a .env file (configuration is not baked into the image):

make docker-run        # uses .env automatically

Or docker-compose:

make compose-up        # start
make compose-logs      # tail logs
make compose-down      # stop

stdio (Claude Desktop / subprocess)

TRANSPORT=stdio poetry run python -m euvd_mcp.main

Note: In stdio mode the /health and /metrics endpoints are not available. Logs go to stderr so they do not interfere with the MCP protocol on stdout.

Integrating with LLM Clients

Claude Desktop — HTTP (server running separately)

Add to your Claude Desktop configuration file:

macOS/Linux: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "euvd": {
      "url": "http://127.0.0.1:8000/mcp"
    }
  }
}

Claude Desktop — stdio (subprocess)

{
  "mcpServers": {
    "euvd": {
      "command": "poetry",
      "args": ["run", "python", "-m", "euvd_mcp.main"],
      "env": { "TRANSPORT": "stdio" }
    }
  }
}

Claude Desktop — Docker

{
  "mcpServers": {
    "euvd": {
      "command": "docker",
      "args": [
        "run", "--rm", "-p", "8000:8000",
        "--env-file", "/absolute/path/to/.env",
        "euvd-mcp:local"
      ]
    }
  }
}

Example queries

  • "What are the latest critical vulnerabilities?"
  • "Search for exploited vulnerabilities with CVSS score above 8.0"
  • "Get details for vulnerability EUVD-2024-45012"
  • "Find vulnerabilities from Microsoft published in the last 30 days"

Available Tools

Tool Description
get_last_vulnerabilities Latest vulnerabilities (up to 8)
get_exploited_vulnerabilities Latest exploited vulnerabilities
get_critical_vulnerabilities Latest critical vulnerabilities (CVSS ≥ 9.0)
search_vulnerabilities Search with CVSS, EPSS, date, vendor, product, and exploited filters
get_vulnerability_by_id Fetch a single vulnerability by EUVD ID (e.g. EUVD-2024-45012)
get_advisory_by_id Fetch an advisory by its vendor-assigned ID

Observability

Two endpoints are available in HTTP mode:

Endpoint Description
GET /health Liveness probe — returns {"status": "ok", "version": "...", "uptime_seconds": N}
GET /metrics Request counts, per-tool latencies, cache hit/miss ratio, error breakdown

Project Structure

euvdmcp/
├── euvd_mcp/
│   ├── main.py                    # MCP server, tool definitions, health/metrics routes
│   ├── controllers/
│   │   └── euvd_api.py            # Async API client with retry and TTL cache
│   ├── models/
│   │   ├── input_models.py        # Pydantic input validation models
│   │   └── vulnerability.py       # Response data models
│   ├── utils/
│   │   ├── settings.py            # Configuration (pydantic-settings)
│   │   ├── logging_config.py      # Structured logging setup
│   │   └── metrics.py             # In-process metrics collector
│   └── tests/                     # pytest test suite
├── Dockerfile                     # Multi-stage build, non-root user, HEALTHCHECK
├── docker-compose.yml
├── Makefile
└── pyproject.toml

Development

poetry install                 # install all dependencies (incl. dev)
make pre-commit-setup          # install git hooks
make test                      # run tests
make test-cov                  # run tests with coverage report
make lint                      # ruff + mypy
make format                    # auto-format with ruff
make security                  # bandit + pip-audit

CI

Three GitHub Actions workflows run on every PR to main:

  • CI — tests, security scan (bandit + pip-audit), lock-file check, Docker build
  • Code Quality — ruff lint/format, mypy type check, markdown validation
  • Security Scan — Trivy container scan, results uploaded to GitHub Security tab

License

See LICENSE

Author

Duarte Dias

Acknowledgments

  • ENISA — European Union Agency for Cybersecurity
  • FastMCP — MCP framework

from github.com/TLDart/EUVD-MCP

Установка EUVD

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/TLDart/EUVD-MCP

FAQ

EUVD MCP бесплатный?

Да, EUVD MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для EUVD?

Нет, EUVD работает без API-ключей и переменных окружения.

EUVD — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить EUVD в Claude Desktop, Claude Code или Cursor?

Открой EUVD на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare EUVD with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории data