Is Cve Mcp Server safe to use?

Cve Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Cve Mcp Server?

Cve Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can Cve Mcp Server do?

Cve Mcp Server provides 2 tools: search_cves, get_cve. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Cve Mcp Server?

Cve Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is Cve Mcp Server actively maintained?

Cve Mcp Server is less actively maintained — last commit was 90 days ago.

Cve Mcp Server

Name: Cve Mcp Server
Author: SuchintK

by SuchintK

MCP Server for CVE Servers

2 tools GitHub

No known CVEs

No license

Maintained

Last commit 90d ago

Works with most clients

Transport: stdio, http

2 tools · ~256 tok

Grade A · 0.1% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "cve-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/cve-mcp-server)](https://mcppedia.org/s/cve-mcp-server)

Read me

What Cve Mcp Server does

A Model Context Protocol (MCP) server providing CVE vulnerability lookup tools backed by the NVD CVE API 2.0. Available as both an MCP server (stdio transport) and standalone HTTP REST API.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

66/100across 5 weighted dimensions

How we score →

0255075100

−34

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (2)

Click any tool to inspect its schema.

~256 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Cve Mcp Server safe to use?: Cve Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Cve Mcp Server?: Cve Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Cve Mcp Server do?: Cve Mcp Server provides 2 tools: search_cves, get_cve. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Cve Mcp Server?: Cve Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Cve Mcp Server actively maintained?: Cve Mcp Server is less actively maintained — last commit was 90 days ago.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for Cve Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "cve-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/cve-mcp-server)](https://mcppedia.org/s/cve-mcp-server)

Read me

What Cve Mcp Server does

A Model Context Protocol (MCP) server providing CVE vulnerability lookup tools backed by the NVD CVE API 2.0. Available as both an MCP server (stdio transport) and standalone HTTP REST API.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

CVE Intelligence MCP Server

A Model Context Protocol (MCP) server providing CVE vulnerability lookup tools backed by the NVD CVE API 2.0. Available as both an MCP server (stdio transport) and standalone HTTP REST API.

Features

MCP Tools
- search_cves - Search CVEs by keyword with optional severity and date filters
- get_cve - Get detailed information about a specific CVE
Production-Ready
- In-memory caching with configurable TTL
- Rate limiting per NVD guidelines (automatic with/without API key)
- Automatic retries with exponential backoff
- Defensive parsing and strict input validation
Dual Transport
- MCP server via stdio for AI assistant integration
- HTTP REST API for web/programmatic access
OpenAI Compatible - Function schema endpoint at /openai/tools

Requirements

Go 1.24+
Optional: NVD API key for higher rate limits

Installation

git clone https://github.com/cve-mcp-server/cve-mcp-server.git
cd cve-mcp-server

go mod tidy

# Build MCP server (stdio transport)
go build -o cve-mcp-server ./cmd/server

# Build HTTP server (REST API)
go build -o cve-http-server ./cmd/http-server

Configuration

Environment Variable	Description	Default
`NVD_API_KEY`	NVD API key for higher rate limits (50 req/30s vs 5 req/30s)	-
`PORT`	HTTP server port	`8080`
`CACHE_TTL`	Cache time-to-live	`1h`
`GIN_MODE`	Gin framework mode (`debug`, `release`)	`release`

Usage

MCP Server (stdio)

# Without API key (public rate limits: 5 requests per 30 seconds)
./cve-mcp-server

# With API key (higher rate limits: 50 requests per 30 seconds)
NVD_API_KEY=your-api-key ./cve-mcp-server

HTTP Server (REST API)

# Start server
./cve-http-server

# With custom port
PORT=3000 ./cve-http-server

# With API key
NVD_API_KEY=your-api-key ./cve-http-server

Endpoints:

Method	Endpoint	Description
`POST`	`/search_cves`	Search CVEs by keyword
`POST`	`/get_cve`	Get CVE details by ID
`GET`	`/openai/tools`	OpenAI function schema
`GET`	`/health`	Health check

MCP Tools

search_cves

Search CVEs by keyword and optional filters.

Parameters:

Parameter	Type	Required	Description
`keyword`	string	✓	Search keyword to find in CVE descriptions
`severity`	string		Filter by CVSS v3 severity: `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`
`published_start`	string		Filter CVEs published on or after this date (RFC3339)
`published_end`	string		Filter CVEs published on or before this date (RFC3339)
`limit`	integer		Maximum results to return (default: 10, max: 100)

Example Request (HTTP):

curl -X POST http://localhost:8080/search_cves \
  -H "Content-Type: application/json" \
  -d '{"keyword": "log4j", "severity": "CRITICAL", "limit": 5}'

Example Response:

{
  "results": [
    {
      "cve_id": "CVE-2021-44228",
      "description": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages…",
      "severity": "CRITICAL",
      "cvss_score": 10.0,
      "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "published": "2021-12-10T10:15:09.143",
      "last_modified": "2023-04-03T20:15:07.510"
    }
  ],
  "total_found": 1
}

Behavior:

Returns at most limit results
If CVSS/severity is unavailable, sets severity: "UNKNOWN" and omits score fields
Descriptions are truncated to 240 characters at word boundaries

get_cve

Get detailed information about a specific CVE.

Parameters:

| Parameter | Type | Require

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

66/100across 5 weighted dimensions

How we score →

0255075100

−34

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (2)

Click any tool to inspect its schema.

~256 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Cve Mcp Server safe to use?: Cve Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Cve Mcp Server?: Cve Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Cve Mcp Server do?: Cve Mcp Server provides 2 tools: search_cves, get_cve. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Cve Mcp Server?: Cve Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Cve Mcp Server actively maintained?: Cve Mcp Server is less actively maintained — last commit was 90 days ago.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for Cve Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?