cve-mcp

adhir-potdar/cve-mcp

An MCP server that provides CVE information from GitHub Security Advisories.

Tools: 4 | Resources: 0 | Prompts: 0

CVE GitHub Advisory MCP Server

An MCP (Model Context Protocol) server that provides CVE (Common Vulnerabilities and Exposures) information from GitHub Security Advisories.

Features

  • Get detailed CVE information from GitHub Security Advisories
  • Search advisories by GHSA ID
  • Search advisories with filters (ecosystem, severity, affected packages)
  • GitHub authentication with personal access tokens
  • RESTful API interface compatible with MCP clients

Installation

  1. Run the installation script:

    ./install.sh
    
  2. Get a GitHub personal access token:

    • Go to GitHub Settings → Developer settings → Personal access tokens
    • Create a token with public_repo scope

Usage

Start the Server

source venv/bin/activate
python3 CveServer.py

The server will start on http://localhost:8086/sse

Test the Server

List available tools:

source venv/bin/activate
python3 test_client.py list_tools "your_github_token"

Get CVE details:

source venv/bin/activate
python3 test_client.py get_cve "your_github_token" --cve-id CVE-2024-1234

Get CVE fix details:

source venv/bin/activate
python3 test_client.py get_fix "your_github_token" --cve-id CVE-2024-1234

Get GHSA details:

source venv/bin/activate
python3 test_client.py get_ghsa "your_github_token" --ghsa-id GHSA-xxxx-xxxx-xxxx

Search advisories:

# Search by ecosystem and severity
source venv/bin/activate
python3 test_client.py search "your_github_token" --ecosystem npm --severity high

# Search by affected package
source venv/bin/activate
python3 test_client.py search "your_github_token" --affects "lodash"

# Search with date filters
source venv/bin/activate
python3 test_client.py search "your_github_token" --published "2024-01-01"

Available Tools

  • get_cve_details: Get detailed information about a CVE
  • get_cve_fix_details: Get comprehensive fix and remediation details for a CVE
  • get_advisory_by_ghsa: Get advisory details by GHSA ID
  • search_security_advisories: Search advisories with filters
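
MCP tool arguments are chosen by the calling model, so the filters listed above (CVE/GHSA ID, ecosystem, severity, affects, published) are worth validating before they reach GitHub. The sketch below is an added example, not code from this project: it assumes the upstream is GitHub's REST endpoint `GET /advisories`, and `build_query`, `build_request` and the `GITHUB_TOKEN` variable are hypothetical names.

```python
import os
import re
import urllib.parse
import urllib.request
from datetime import date

# Assumption: GitHub's REST endpoint for global security advisories.
API_URL = "https://api.github.com/advisories"

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
GHSA_RE = re.compile(r"GHSA(-[23456789cfghjmpqrvwx]{4}){3}")
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")
# Assumption: a conservative package-name alphabet (npm scopes, Maven ids).
PACKAGE_RE = re.compile(r"[A-Za-z0-9@/:._-]{1,214}")
SEVERITIES = {"unknown", "low", "medium", "high", "critical"}
ECOSYSTEMS = {"actions", "composer", "erlang", "go", "maven", "npm", "nuget",
              "other", "pip", "pub", "rubygems", "rust", "swift"}

def _is_date(value):
    # Stricter than the API, which also accepts ranges: one YYYY-MM-DD day.
    try:
        return bool(DATE_RE.fullmatch(value)) and bool(date.fromisoformat(value))
    except ValueError:
        return False

VALIDATORS = {
    "cve_id": CVE_RE.fullmatch,
    "ghsa_id": GHSA_RE.fullmatch,
    "affects": PACKAGE_RE.fullmatch,
    "ecosystem": ECOSYSTEMS.__contains__,
    "severity": SEVERITIES.__contains__,
    "published": _is_date,
}

def build_query(**filters):
    """Allow-list filter names and values; reject anything else."""
    params = {}
    for name, value in filters.items():
        check = VALIDATORS.get(name)
        if check is None or not isinstance(value, str) or not check(value):
            raise ValueError(f"rejected filter {name}={value!r}")
        params[name] = value
    return params

def build_request(params, token=None):
    """Build (without sending) the authenticated request for the filters."""
    token = token or os.environ.get("GITHUB_TOKEN")
    if not token:
        raise ValueError("no GitHub token supplied")
    url = API_URL + "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
    })
```

Reading the token from the environment keeps it out of shell history and the process list, which a command-line argument does not.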

Configuration

Edit mcp-config.json to customize:

  • Server host/port
  • Default pagination settings
  • Request timeout

Requirements

  • Python 3.7+
  • GitHub personal access token
  • Internet connection