mcp-nvd-server

mcp-nvd-server

3.3
security

If you are the rightful owner of mcp-nvd-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

MCP NVD Server is a Model Context Protocol server designed to retrieve CVE information from the National Vulnerability Database (NVD).

MCP NVD Server

MCP server that retrieves CVE information from the national vulnerability database (NVD).

Installation

Prerequisites

Install the following.

Building

[!NOTE] This project employs uv.

  1. Synchronize dependencies and update the lockfile.
uv sync

Debugging

MCP Inspector

Use MCP Inspector.

Launch the MCP Inspector as follows:

npx @modelcontextprotocol/inspector uv --directory /path/to/mcp-nvd run mcp-nvd

Testing

This project employs pytest for testing.

pytest results 
============================================================= test session starts =============================================================
platform win32 -- Python 3.12.9, pytest-8.3.5, pluggy-1.5.0
rootdir: D:\Users\ghays\src\mcp-nvd-server
configfile: pyproject.toml
plugins: anyio-4.9.0
collected 4 items

src/mcp_nvd/test_nvd.py::test_fetch_cve
---------------------------------------------------------------- live log call ---------------------------------------------------------------- 
2025-05-16 15:50:32 [    INFO] Fetching CVE: CVE-2025-30065... (nvd.py:42)
2025-05-16 15:50:33 [    INFO] Response: 200 (nvd.py:48)
2025-05-16 15:50:33 [    INFO] Description: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad 
actors to execute arbitrary code


Users are recommended to upgrade to version 1.15.1, which fixes the issue. (nvd.py:55)
2025-05-16 15:50:33 [    INFO] Using constructor method to fetch CVE data for CVE-2025-30065 (test_nvd.py:14)
2025-05-16 15:50:33 [    INFO] Description (en) value: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions 
allows bad actors to execute arbitrary code


Users are recommended to upgrade to version 1.15.1, which fixes the issue. (test_nvd.py:31)
2025-05-16 15:50:33 [    INFO] Description (es) value: El análisis del esquema en el módulo parquet-avro de Apache Parquet 1.15.0 y versiones anteriores permite que actores maliciosos ejecuten código arbitrario. Se recomienda a los usuarios actualizar a la versión 1.15.1, que soluciona el problema. (test_nvd.py:31)
2025-05-16 15:50:33 [    INFO] Reference check: https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 (test_nvd.py:36)
PASSED                                                                                                                                   [ 25%] 
src/mcp_nvd/test_nvd.py::test_fetch_cve_no_constructor
---------------------------------------------------------------- live log call ---------------------------------------------------------------- 
2025-05-16 15:50:33 [    INFO] Fetching CVE: CVE-2025-30065... (nvd.py:42)
2025-05-16 15:50:34 [    INFO] Response: 200 (nvd.py:48)
2025-05-16 15:50:34 [    INFO] Description: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad 
actors to execute arbitrary code


Users are recommended to upgrade to version 1.15.1, which fixes the issue. (nvd.py:55)
2025-05-16 15:50:34 [    INFO] Using non-constructor method to fetch CVE data for CVE-2025-30065 (test_nvd.py:43)
PASSED                                                                                                                                   [ 50%] 
src/mcp_nvd/test_nvd.py::test_fetch_description
---------------------------------------------------------------- live log call ---------------------------------------------------------------- 
2025-05-16 15:50:34 [    INFO] Fetching CVE: CVE-2025-30065... (nvd.py:42)
2025-05-16 15:50:34 [    INFO] Response: 200 (nvd.py:48)
2025-05-16 15:50:34 [    INFO] Description: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad 
actors to execute arbitrary code


Users are recommended to upgrade to version 1.15.1, which fixes the issue. (nvd.py:55)
2025-05-16 15:50:34 [    INFO] Description for language 'en': Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code


Users are recommended to upgrade to version 1.15.1, which fixes the issue. (test_nvd.py:69)
PASSED                                                                                                                                   [ 75%] 
src/mcp_nvd/test_nvd.py::test_fetch_references
---------------------------------------------------------------- live log call ---------------------------------------------------------------- 
2025-05-16 15:50:34 [    INFO] Fetching CVE: CVE-2025-30065... (nvd.py:42)
2025-05-16 15:50:34 [    INFO] Response: 200 (nvd.py:48)
2025-05-16 15:50:34 [    INFO] Description: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad 
actors to execute arbitrary code







Users are recommended to upgrade to version 1.15.1, which fixes the issue. (nvd.py:55)
2025-05-16 15:50:34 [    INFO] Reference URL: https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 (test_nvd.py:82)


Users are recommended to upgrade to version 1.15.1, which fixes the issue. (nvd.py:55)
2025-05-16 15:50:34 [    INFO] Reference URL: https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 (test_nvd.py:82)


Users are recommended to upgrade to version 1.15.1, which fixes the issue. (nvd.py:55)
2025-05-16 15:50:34 [    INFO] Reference URL: https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 (test_nvd.py:82)


Users are recommended to upgrade to version 1.15.1, which fixes the issue. (nvd.py:55)
2025-05-16 15:50:34 [    INFO] Reference URL: https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 (test_nvd.py:82)


Users are recommended to upgrade to version 1.15.1, which fixes the issue. (nvd.py:55)




Users are recommended to upgrade to version 1.15.1, which fixes the issue. (nvd.py:55)
2025-05-16 15:50:34 [    INFO] Reference URL: https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 (test_nvd.py:82)
2025-05-16 15:50:34 [    INFO] Reference URL: http://www.openwall.com/lists/oss-security/2025/04/01/1 (test_nvd.py:82)
2025-05-16 15:50:34 [    INFO] Reference URL: https://access.redhat.com/security/cve/CVE-2025-30065 (test_nvd.py:82)
2025-05-16 15:50:34 [    INFO] Reference URL: https://github.com/apache/parquet-java/pull/3169 (test_nvd.py:82)
2025-05-16 15:50:34 [    INFO] Reference URL: https://news.ycombinator.com/item?id=43603091 (test_nvd.py:82)
2025-05-16 15:50:34 [    INFO] Reference URL: https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/ (test_nvd.py:82)
2025-05-16 15:50:34 [    INFO] Reference URL: https://github.com/h3st4k3r/CVE-2025-30065/blob/main/POC-CVE-2025-30065-ParquetExploitGenerator.java (test_nvd.py:82)
2025-05-16 15:50:34 [    INFO] Reference URL: https://github.com/mouadk/parquet-rce-poc-CVE-2025-30065/blob/main/src/main/java/com/evil/GenerateMaliciousParquetSSRF.java (test_nvd.py:82)
PASSED                                                                                                                                   [100%] 

============================================================== 4 passed in 2.74s ==============================================================

NVD Rate Limiting

How to Add an API Key

Related MCP Servers

View all security servers →
better-auth-mcp-server

better-auth-mcp-server

4.2

by nahmanmate

MCP Server for Authentication Management

security
ida-pro-mcp

ida-pro-mcp

3.7

by mrexodia

Simple MCP Server to allow vibe reversing in IDA Pro.

developer_tools
mcp

mcp

3.7

by semgrep

Semgrep MCP Server is a Model Context Protocol server that uses Semgrep to scan code for security vulnerabilities.

security
osv-mcp

osv-mcp

3.7

by StacklokLabs

An MCP server providing access to the OSV database for querying vulnerability information.

databases
code-sandbox-mcp

code-sandbox-mcp

3.6

by Automata-Labs-team

A secure sandbox environment for executing code within Docker containers. This MCP server provides AI applications with a safe and isolated environment for running code while maintaining security through containerization.

security
BloodHound-MCP-AI

BloodHound-MCP-AI

3.6

by MorDavid

BloodHound-MCP is a Model Context Protocol Server integration for BloodHound, enabling natural language analysis of Active Directory data.

security
ida-mcp-server-plugin

ida-mcp-server-plugin

3.6

by taida957789

IDA Pro MCP Server is a plugin that allows remote querying and control of IDA Pro through the Model Context Protocol (MCP) interface.

developer_tools
mcp-maigret

mcp-maigret

3.6

by BurtTheCoder

Maigret MCP Server is a Model Context Protocol server for Maigret, an OSINT tool that collects user account information from various public sources.

security
apktool-mcp-server

apktool-mcp-server

3.6

by zinja-coder

apktool-mcp-server is a fully automated MCP server built on top of apktool to analyze Android APKs using LLMs like Claude, providing live reverse engineering support.

security
MCP2Lambda

MCP2Lambda

3.6

by danilop

MCP2Lambda allows LLMs to interact with AWS Lambda functions as tools, enabling access to real-time and private data, execution of custom code, and interaction with external services.

cloud_platforms
dynatrace-mcp

dynatrace-mcp

3.5

by dynatrace-oss

This remote MCP server allows interaction with the Dynatrace observability platform, bringing real-time observability data directly into your development workflow.

monitoring
zionfhe_mcp_server_test

zionfhe_mcp_server_test

3.5

by joyecai

Zionfhe_mcp_server_test is a server implementation based on the new homomorphic encryption technology ZIONFHE, designed to provide secure computation capabilities.

security
remote-mcp-functions-dotnet

remote-mcp-functions-dotnet

3.5

by Azure-Samples

This document provides a quickstart guide to building and deploying a remote Model Context Protocol (MCP) server using Azure Functions with .NET/C#.

cloud_platforms
mcp-server-wazuh

mcp-server-wazuh

3.5

by gbrigandi

A Rust-based server designed to bridge the gap between a Wazuh Security Information and Event Management (SIEM) system and applications requiring contextual security data, specifically tailored for the Claude Desktop Integration using the Model Context Protocol (MCP).

security
VibeShift

VibeShift

3.5

by GroundNG

VibeShift is an intelligent security agent designed to integrate seamlessly with AI coding assistants, acting as an automated security engineer to analyze code, identify vulnerabilities, and facilitate AI-driven remediation.

security
jadx-mcp-plugin

jadx-mcp-plugin

3.5

by mobilehackinglab

The Jadx MCP Plugin provides a Java-based plugin for Jadx, exposing its API over HTTP to enable interaction with MCP clients like Claude, facilitating AI-assisted security analysis of Android apps.

security
auth0-mcp-server

auth0-mcp-server

3.5

by auth0

The Auth0 MCP Server integrates with LLMs and AI agents, allowing you to perform various Auth0 management operations using natural language.

developer_tools
aws-security-mcp

aws-security-mcp

3.5

by groovyBugify

AWS Security MCP is a Model Context Protocol server that allows AI assistants to autonomously inspect and analyze AWS infrastructure for security issues.

security
Wazuh-MCP-Server

Wazuh-MCP-Server

3.5

by gensecaihq

Wazuh MCP Server is an AI-powered security operations platform that integrates conversational AI with traditional SIEM operations.

security
pentest-mcp

pentest-mcp

3.5

by DMontgomery40

Pentest MCP is a Model Context Protocol server that integrates essential pentesting tools into a unified natural language interface, allowing security professionals to execute, chain, and analyze multiple tools through conversational commands.

security
mcp_zoomeye

mcp_zoomeye

3.5

by zoomeye-ai

A Model Context Protocol (MCP) server that provides network asset information based on query conditions.

research_and_data
pyATS_MCP

pyATS_MCP

3.5

by automateyournetwork

The pyATS MCP Server is a Model Context Protocol Server that integrates with Cisco pyATS and Genie, enabling structured interaction with network devices using JSON-RPC 2.0 over STDIO.

developer_tools
NGCBot-MCP

NGCBot-MCP

3.5

by ngc660sec

NGCBot-MCP-Server is a WeChat bot based on the HOOK mechanism, supporting various features like security news push, AI responses, and more.

communication
mcp-security-audit

mcp-security-audit

3.5

by qianniuspace

A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities.

security
cve-search_mcp

cve-search_mcp

3.5

by roadwy

A Model Context Protocol (MCP) server for querying the CVE-Search API, providing access to CVE data, vendor and product browsing, and more.

security
onepassword-mcp-server

onepassword-mcp-server

3.5

by dkvdm

This MCP server is a proof of concept for educational purposes, utilizing the 1Password Python SDK to securely retrieve credentials.

security
volatility-mcp

volatility-mcp

3.5

by Gaffx

Volatility MCP integrates Volatility 3 with FastAPI and MCP for seamless memory forensics.

security