portlandAF/NVD-MCPServer
3.1
If you are the rightful owner of NVD-MCPServer and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.
A minimal MCP-style server that provides tools for accessing NVD CVE data using API v2.0.
Tools
3
Resources
0
Prompts
0
MCP-Style NVD CVE Server
A minimal MCP-style server that exposes tools for fetching NVD CVE data (API v2.0).
Tools
get_cve({ "cveId": "CVE-2024-3094" })list_cves({ "lastModStartDate": "2025-09-01T00:00:00.000Z", "lastModEndDate": "2025-09-03T00:00:00.000Z", ... })sync_cves_since({ "since": "2025-08-27T00:00:00.000Z", "trackCursorKey": "nvd.main" })
Endpoints
GET /mcp/tools→ JSON of tool specsPOST /mcp/call→{"tool":"<name>", "args":{...}}
Run Locally
python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
export NVD_API_KEY=YOUR_KEY # optional but recommended (higher rate limit)
python server.py
# http://localhost:8080/mcp/tools
Docker
docker build -t mcp-nvd:latest .
docker run --rm -p 8080:8080 -e NVD_API_KEY=YOUR_KEY mcp-nvd:latest
systemd (Ubuntu)
sudo mkdir -p /opt/mcp-nvd-server
sudo cp server.py /opt/mcp-nvd-server/
sudo cp requirements.txt /opt/mcp-nvd-server/
cd /opt/mcp-nvd-server && sudo apt update && sudo apt install -y python3-pip
sudo pip3 install -r requirements.txt
# Set your API key in the unit file or as an EnvironmentFile
sudo cp mcp-nvd.service /etc/systemd/system/
# Edit /etc/systemd/system/mcp-nvd.service to set NVD_API_KEY (or use an EnvironmentFile)
sudo systemctl daemon-reload
sudo systemctl enable --now mcp-nvd.service
Example Calls
List tools:
curl http://localhost:8080/mcp/tools
Get one CVE:
curl -s -X POST http://localhost:8080/mcp/call \
-H 'Content-Type: application/json' \
-d '{"tool":"get_cve","args":{"cveId":"CVE-2024-3094"}}' | jq .
List modified in a window:
curl -s -X POST http://localhost:8080/mcp/call \
-H 'Content-Type: application/json' \
-d '{
"tool":"list_cves",
"args":{
"lastModStartDate":"2025-08-27T00:00:00.000Z",
"lastModEndDate":"2025-09-03T00:00:00.000Z",
"cvssV3Severity":["CRITICAL","HIGH"],
"keywordSearch":"openssl",
"resultsPerPage":200
}
}' | jq '.totalResults, .nextStartIndex'
Incremental sync (12h windows by default):
curl -s -X POST http://localhost:8080/mcp/call \
-H 'Content-Type: application/json' \
-d '{
"tool":"sync_cves_since",
"args":{
"since":"2025-08-27T00:00:00.000Z",
"keywordSearch":"nginx",
"cvssV3Severity":["CRITICAL","HIGH"],
"trackCursorKey":"nvd.main"
}
}' | jq '.count, .cursorKey, .lastStoredCursor'
Azure Quick Start
- Create Ubuntu VM (B1s) → open ports 22 and 8080.
- SSH in and install deps:
sudo apt update && sudo apt install -y python3 python3-pip git - Deploy:
sudo mkdir -p /opt/mcp-nvd-server # copy server.py + requirements.txt (scp or git clone your fork) sudo pip3 install -r /opt/mcp-nvd-server/requirements.txt sudo NVD_API_KEY=YOUR_KEY python3 /opt/mcp-nvd-server/server.py - Optional: systemd as a service (edit unit file to add your key).
Notes
- Uses UTC ISO-8601 with
Zand millisecond precision. - Handles 429/503 with jittered backoff and a simple fixed-window rate limiter:
- 50/30s with API key (default), 5/30s without.
- v2.0 sorting is by publish date; we handle modified windows via filtering + pagination.
- De-duplication by CVE ID during sync.