Is Cmdb_nvd_nessus_mcp_server safe to use?

Cmdb_nvd_nessus_mcp_server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Cmdb_nvd_nessus_mcp_server?

Cmdb_nvd_nessus_mcp_server can be installed by cloning its GitHub repository and following the setup instructions in the README.

Is Cmdb_nvd_nessus_mcp_server actively maintained?

Cmdb_nvd_nessus_mcp_server is actively maintained — last commit was 0 days ago. It has 6 GitHub stars.

Cmdb_nvd_nessus_mcp_server

A Model Context Protocol (MCP) server for vulnerability intelligence automation with Agentic AI. This project combines a Configuration Management Database (CMDB) with real-time CVE ingestion from NIST NVD to identify potential exposure across our assets.

ActiveNot tested

Data AI / ML

★ 6GitHub

26DNo CVEsactive

Quick Install

{
  "mcpServers": {
    "cmdb-nvd-nessus-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Setup guide

No install config available. Check the server's README for setup instructions.

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/cmdb-nvd-nessus-mcp-server)](https://mcppedia.org/s/cmdb-nvd-nessus-mcp-server)

Should you use this server?

✓

Is it safe?

No package registry to scan.

No authentication — any process on your machine can connect.

License not specified.

✓

Is it maintained?

Last commit 0 days ago. 6 stars.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

README

CMDB-NVD-NESSUS MCP Server

A Model Context Protocol (MCP) server for vulnerability intelligence automation with Agentic AI. This system combines a Configuration Management Database (CMDB) with real-time CVE ingestion from NIST NVD and leverages LLM-driven reasoning for vulnerability correlation followed by Nessus scan to validate the issue.

Overview

This MCP server enables an AI agent (e.g., Claude Desktop) to:

Query a read-only CMDB (asset inventory)
Fetch recent CVE data from NVD via the official REST API
Perform LLM driven co-relation between CVEs and assets in CMDB
Perform Nessus scan on a potentially exposed asset with the CVE plugin
Generate and send structured, explainable vulnerability reports via email

Data Flow

Load assets from CMDB
Fetch latest CVEs from NVD
Pre-process CVEs and assets
Perform correlation to determine potentially exposed assets
Call Nessus to validate the vulnerability
Generate structured vulnerability findings
Send report via email

Architecture

cmdb-cve-mcp/
├── server.py          # MCP server (tool definitions + orchestration)
├── cmdb.py            # SQLite-based read-only CMDB with sample assets
├── nvd_client.py      # Client to query NVD CVE API
├── email_sender.py    # SMTP email utility
├── requirements.txt
└── README.md

Available MCP Tools

Tool	Description	Example Prompt
`list_assets`	View all CMDB assets (read-only)	"Show me all assets in my CMDB"
`get_assets_json`	Retrieve assets as structured JSON for LLM analysis	"Get assets in JSON format"
`get_cves_json`	Retrieve CVEs as structured JSON for LLM analysis	"Fetch CVEs in JSON format"
`fetch_latest_cves`	Retrieve CVEs in human-readable format	"Show latest CVEs of last 3 days with CVSS > 9"
`send_vulnerability_report`	Send report based on LLM-generated findings	"Send report to user@example.com"

Guardrails

Security Guardrails

Read-only CMDB – prevents asset modification
Trusted data source – CVEs fetched only from official NVD API
Restricted tool scope – no arbitrary command execution
Secure configuration – credentials managed via environment variables

Operational Guardrails

CVE window limits – capped query range (max 90 days)
Rate-limit aware fetching – respects NVD API constraints
Bounded outputs – prevents excessive token usage
Guided LLM reasoning – enforces structured, version-aware decisions

Limitations

❗ No Native Version Parser

Version extraction relies on LLM interpretation of strings
May struggle with non-standard version formats and missing version data

❗ Scalability Issue

All CVEs and assets may be passed to LLM for co-relation
Can lead to increased latency, higher token usage and reduced efficiency at scale

❗ LLM Dependency

Accuracy depends on prompt quality and model capability
May cause hallucinations

❗ No Automated Validation

No programmatic verification of LLM decisions
Incorrect reasoning may pass through if not reviewed

❗ No Exploit Intelligence

Does not consider active exploitation, public exploit availability and threat prioritization

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Score Breakdown

MCPpedia Score

Click each category to see evidence

26D

Last scored 8h ago

How we score →

Security

3/30

No known vulnerabilities.

○

Known CVEs — No package registry to scan

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — No package to analyze

✗

License — No license specified

○

Authentication — No authentication required

○

Repository — active repo

CVEs checked daily via OSV.dev. Score algorithm is open source.

Reviews

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Cmdb_nvd_nessus_mcp_server safe to use?: Cmdb_nvd_nessus_mcp_server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Cmdb_nvd_nessus_mcp_server?: Cmdb_nvd_nessus_mcp_server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Cmdb_nvd_nessus_mcp_server?: Cmdb_nvd_nessus_mcp_server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.
Is Cmdb_nvd_nessus_mcp_server actively maintained?: Cmdb_nvd_nessus_mcp_server is actively maintained — last commit was 0 days ago. It has 6 GitHub stars.

Similar servers

View all →

PostgreSQL MCP Server

Official

No CVEs98A

Query and manage PostgreSQL databases directly from AI assistants

1 toolsstdio83.8k73.6k/wk1d ago

Sequential Thinking MCP Server

Official

No CVEs98A

Dynamic problem-solving through sequential thought chains

1 toolsstdio83.8k111.0k/wk1d ago

XcodeBuildMCP

Official

No CVEs97A

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

2 toolsremote5.2k46.6k/wk1d ago

Supabase MCP Server

Official

No CVEs97A

Manage Supabase projects — databases, auth, storage, and edge functions

4 toolsremote2.6k1.4k/wk8d ago

MCP Security Weekly

Get CVE alerts and security updates for Cmdb_nvd_nessus_mcp_server and similar servers.

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

CMDB-NVD-NESSUS MCP Server

Overview

This MCP server enables an AI agent (e.g., Claude Desktop) to:

Query a read-only CMDB (asset inventory)
Fetch recent CVE data from NVD via the official REST API
Perform LLM driven co-relation between CVEs and assets in CMDB
Perform Nessus scan on a potentially exposed asset with the CVE plugin
Generate and send structured, explainable vulnerability reports via email

Data Flow

Load assets from CMDB
Fetch latest CVEs from NVD
Pre-process CVEs and assets
Perform correlation to determine potentially exposed assets
Call Nessus to validate the vulnerability
Generate structured vulnerability findings
Send report via email

Architecture

cmdb-cve-mcp/
├── server.py          # MCP server (tool definitions + orchestration)
├── cmdb.py            # SQLite-based read-only CMDB with sample assets
├── nvd_client.py      # Client to query NVD CVE API
├── email_sender.py    # SMTP email utility
├── requirements.txt
└── README.md

Available MCP Tools

Tool	Description	Example Prompt
`list_assets`	View all CMDB assets (read-only)	"Show me all assets in my CMDB"
`get_assets_json`	Retrieve assets as structured JSON for LLM analysis	"Get assets in JSON format"
`get_cves_json`	Retrieve CVEs as structured JSON for LLM analysis	"Fetch CVEs in JSON format"
`fetch_latest_cves`	Retrieve CVEs in human-readable format	"Show latest CVEs of last 3 days with CVSS > 9"
`send_vulnerability_report`	Send report based on LLM-generated findings	"Send report to user@example.com"

Guardrails

Security Guardrails

Read-only CMDB – prevents asset modification
Trusted data source – CVEs fetched only from official NVD API
Restricted tool scope – no arbitrary command execution
Secure configuration – credentials managed via environment variables

Operational Guardrails

CVE window limits – capped query range (max 90 days)
Rate-limit aware fetching – respects NVD API constraints
Bounded outputs – prevents excessive token usage
Guided LLM reasoning – enforces structured, version-aware decisions

Limitations

❗ No Native Version Parser

Version extraction relies on LLM interpretation of strings
May struggle with non-standard version formats and missing version data

❗ Scalability Issue

All CVEs and assets may be passed to LLM for co-relation
Can lead to increased latency, higher token usage and reduced efficiency at scale

❗ LLM Dependency

Accuracy depends on prompt quality and model capability
May cause hallucinations

❗ No Automated Validation

No programmatic verification of LLM decisions
Incorrect reasoning may pass through if not reviewed

❗ No Exploit Intelligence

Does not consider active exploitation, public exploit availability and threat prioritization