CVE-MCP

rinadelph/CVE-MCP

CVE-MCP is an advanced Model Context Protocol server offering comprehensive CVE vulnerability intelligence with unique analysis capabilities.

CVE-MCP: Advanced CVE Intelligence MCP Server

Author: Luis Alejandro Rincon (rinadelph)
License: AGPL-3.0

An advanced Model Context Protocol (MCP) server providing comprehensive CVE vulnerability intelligence with unique analysis capabilities, trend detection, and risk assessment features.

Overview

CVE-MCP goes beyond basic CVE search functionality to provide deep vulnerability intelligence, including exploitability assessments, trend analysis, and bulk vulnerability checking. Built on the MCP framework with SSE transport support, it integrates seamlessly with AI assistants while providing advanced security insights.

Unique Features

  • 🔍 Advanced CVE Search: Multi-criteria search with intelligent caching
  • 📊 Trend Analysis: Analyze CVE patterns and distributions over time
  • ⚠️ Exploit Risk Assessment: Evaluate exploitability with custom risk scoring
  • 🚀 Bulk Operations: Check multiple CVEs simultaneously with summary statistics
  • 💾 Smart Caching: In-memory response caching for improved performance
  • 🔐 Enhanced Security Analysis: Deep vulnerability insights beyond basic CVSS scores
  • 📄 Pagination Support: Handle large result sets efficiently with built-in pagination
  • 📊 Detailed Logging: Comprehensive server-side logging for debugging and monitoring

Installation

Prerequisites

  • Python 3.9 or higher
  • pip package manager
  • NVD API Key (recommended for higher rate limits)

Setup

  1. Clone the repository:
     git clone https://github.com/rinadelph/CVE-MCP.git
     cd CVE-MCP
  2. Install dependencies:
     pip install -e .
  3. Configure your NVD API key (recommended):
     # Set as environment variable
     export NVD_API_KEY="your-api-key-here"

     # Or create .env file
     echo "NVD_API_KEY=your-api-key-here" > .env

To obtain an NVD API key:

Usage

Running as SSE Server (Recommended)

# Run on default port 8088
python main.py --transport sse

# Run on custom port
python main.py --transport sse --port 8080

The server will listen on http://0.0.0.0:8088 (or your specified port), that is, on all network interfaces of the host, and accept SSE connections.

Running with STDIO Transport

python main.py --transport stdio

Running with the installed command

After installation, you can also use:

# SSE mode
cve-mcp --transport sse --port 8088

# STDIO mode  
cve-mcp --transport stdio

Integration with AI Assistants

For Cursor IDE or other MCP-compatible tools:

  1. Update the cursor-plug.json file with your NVD API key
  2. Add the configuration to your project
  3. The MCP server will be automatically available

Available Tools

1. cve_search - Advanced CVE Search

Search CVEs with multiple filter options and intelligent result ranking.

Parameters:

  • keyword: Search in CVE descriptions
  • vendor: Filter by vendor name
  • product: Filter by product (requires vendor)
  • severity: Filter by severity (LOW, MEDIUM, HIGH, CRITICAL)
  • last_days: CVEs from last N days
  • cve_id: Search specific CVE
  • limit: Max results to fetch (default: 100)
  • page: Page number for pagination (default: 1)
  • page_size: Results per page (default: 10, max: 50)

2. cve_details - Comprehensive CVE Information

Get detailed vulnerability information including all metrics, weaknesses, and configurations.

Parameters:

  • cve_id: CVE identifier (required)

3. recent_cves - Recent Vulnerability Monitoring

Track newly published or modified CVEs with severity filtering.

Parameters:

  • hours: Look back period (default: 24)
  • severity: Filter by severity level

4. cve_by_vendor - Vendor-Specific Search

Search vulnerabilities by vendor/product/version with CPE matching.

Parameters:

  • vendor: Vendor name (required)
  • product: Product name (optional)
  • version: Product version (optional)

5. cve_analyze_trends - Trend Analysis (Unique)

Analyze CVE patterns and distributions for strategic insights.

Parameters:

  • vendor: Filter by vendor
  • last_days: Analysis period (default: 30)
  • severity: Filter by severity

Returns:

  • Severity distribution
  • Yearly distribution
  • Statistical summaries

6. cve_exploit_assessment - Risk Assessment (Unique)

Evaluate CVE exploitability with a custom risk scoring algorithm.

Parameters:

  • cve_id: CVE to assess (required)

Returns:

  • Risk level (LOW/MEDIUM/HIGH/CRITICAL)
  • Risk score (0-10)
  • Exploit availability
  • Attack vector analysis

7. cve_bulk_check - Bulk Vulnerability Check (Unique)

Check multiple CVEs simultaneously with aggregate statistics.

Parameters:

  • cve_ids: List of CVE IDs (max 10)

Returns:

  • Individual CVE status
  • Aggregate statistics
  • Severity distribution

Example Usage

Search for Critical Microsoft Vulnerabilities (with pagination)

{
  "tool": "cve_search",
  "parameters": {
    "vendor": "microsoft",
    "severity": "CRITICAL",
    "last_days": 30,
    "page": 1,
    "page_size": 10
  }
}

Get Next Page of Results

{
  "tool": "cve_search",
  "parameters": {
    "vendor": "microsoft",
    "severity": "CRITICAL",
    "last_days": 30,
    "page": 2,
    "page_size": 10
  }
}

Analyze Apache Vulnerability Trends

{
  "tool": "cve_analyze_trends",
  "parameters": {
    "vendor": "apache",
    "last_days": 90
  }
}

Assess Exploit Risk

{
  "tool": "cve_exploit_assessment",
  "parameters": {
    "cve_id": "CVE-2023-12345"
  }
}
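The parameter constraints listed under Available Tools can be checked on the client before a request like the ones above is sent. This is an added example, not code from the CVE-MCP project: `validate_call` is a hypothetical helper, the strict upper-case severity check and the CVE-YYYY-NNNN pattern are assumptions about what the server accepts, and the server's own validation may differ.

```python
import re

CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")            # standard CVE identifier shape
SEVERITIES = {"LOW", "MEDIUM", "HIGH", "CRITICAL"}  # as listed on the page


def validate_call(call):
    """Return a list of problems with a tool call; an empty list means it passes."""
    tool, p = call.get("tool"), call.get("parameters", {})
    errors = []

    def positive_int(name):
        v = p.get(name)
        if v is not None and (isinstance(v, bool) or not isinstance(v, int) or v < 1):
            errors.append(f"{name} must be a positive integer")
            return None
        return v

    def is_cve(value):
        # fullmatch rejects trailing newlines and embedded extra text
        return isinstance(value, str) and CVE_ID.fullmatch(value) is not None

    if "severity" in p and p["severity"] not in SEVERITIES:
        errors.append("severity must be LOW, MEDIUM, HIGH or CRITICAL")
    if "cve_id" in p and not is_cve(p["cve_id"]):
        errors.append("cve_id is not of the form CVE-YYYY-NNNN")

    if tool == "cve_search":
        if "product" in p and "vendor" not in p:
            errors.append("product requires vendor")
        for name in ("limit", "page", "last_days"):
            positive_int(name)
        size = positive_int("page_size")
        if size is not None and size > 50:
            errors.append("page_size exceeds the documented maximum of 50")
    elif tool in ("cve_details", "cve_exploit_assessment"):
        if "cve_id" not in p:
            errors.append("cve_id is required")
    elif tool == "cve_by_vendor":
        if "vendor" not in p:
            errors.append("vendor is required")
    elif tool == "cve_bulk_check":
        ids = p.get("cve_ids")
        if not isinstance(ids, list) or not ids:
            errors.append("cve_ids must be a non-empty list")
        else:
            if len(ids) > 10:
                errors.append("cve_ids exceeds the documented maximum of 10")
            errors += [f"bad CVE id: {i!r}" for i in ids if not is_cve(i)]
    elif tool not in ("recent_cves", "cve_analyze_trends"):
        errors.append(f"unknown tool: {tool!r}")
    return errors
```
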

Architecture

CVE-MCP is built with:

  • Async/await for high-performance concurrent operations
  • Smart caching to reduce API calls and improve response times
  • Modular design for easy extension and maintenance
  • Comprehensive error handling with detailed error messages
  • SSE transport for real-time streaming capabilities

API Rate Limits

  • Without API key: 5 requests per 30 seconds
  • With API key: 50 requests per 30 seconds
  • Built-in caching helps maximize efficiency within rate limits
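How a response cache and the limits above interact can be shown with a sliding-window budget placed in front of upstream lookups. This is an added example, not the project's caching code: the `NvdBudget` class, its 300-second cache lifetime and the injectable `clock` and `sleep` parameters are assumptions made for illustration.

```python
import time
from collections import deque


class NvdBudget:
    """Sliding-window request budget plus an in-memory TTL cache."""

    WINDOW = 30.0  # seconds, from the limits listed above

    def __init__(self, has_api_key, ttl=300.0, clock=time.monotonic):
        self.limit = 50 if has_api_key else 5  # requests per window
        self.ttl = ttl        # cache lifetime: an assumption, not from the page
        self.clock = clock
        self.sent = deque()   # timestamps of upstream requests still in the window
        self.cache = {}       # key -> (expiry time, value)

    def wait_needed(self):
        """Seconds until another upstream request is allowed (0.0 if allowed now)."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.WINDOW:
            self.sent.popleft()
        if len(self.sent) < self.limit:
            return 0.0
        return self.WINDOW - (now - self.sent[0])

    def get(self, key, fetch, sleep=time.sleep):
        """Return the cached value for key, else call fetch() within the budget."""
        hit = self.cache.get(key)
        if hit is not None and hit[0] > self.clock():
            return hit[1]     # cache hit: costs nothing against the rate limit
        delay = self.wait_needed()
        if delay > 0:
            sleep(delay)      # block until the oldest request leaves the window
        self.sent.append(self.clock())
        value = fetch()
        self.cache[key] = (self.clock() + self.ttl, value)
        return value
```
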

Contributing

Contributions are welcome! Please feel free to submit issues or pull requests.

Acknowledgments

  • National Vulnerability Database (NVD) for providing the CVE data
  • MCP framework developers for the excellent protocol implementation
  • SSE transport pattern inspired by domain-mcp implementation

License

This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).

Contact

Created by Luis Alejandro Rincon (rinadelph)
GitHub: https://github.com/rinadelph/CVE-MCP


Building secure systems through intelligent vulnerability analysis