Cybersecurity Vulnerability Intelligence MCP Server

Unified vulnerability intelligence from 4 government data sources in a single MCP server. Get enriched CVE lookups with CVSS scores, active exploitation status, exploitation probability, and ATT&CK techniques in one call.

| Source | What It Provides | Update Frequency | |--------|-----------------|-----------------| | NIST NVD 2.0 | CVE details, CVSS scores, descriptions, references, CWE classifications | Continuous | | CISA KEV | Actively exploited vulnerabilities catalog, remediation deadlines | Daily | | FIRST.org EPSS | Exploitation probability scores (0-1) predicting likelihood of exploitation in next 30 days | Daily | | MITRE ATT&CK | Adversary techniques mapped to CVEs | Quarterly |

Tools

vuln_lookup_cve — Enriched CVE Lookup

The killer feature. Look up any CVE and get intelligence from all 4 sources in a single call.

• Input: { cveId: "CVE-2021-44228" }
• Returns: NVD details + CVSS score + KEV exploitation status + EPSS probability + ATT&CK techniques

vuln_search — Search CVEs

Search the NVD by keyword, severity, and date range. Optionally filter to only actively exploited (KEV) vulnerabilities.

• Input: { keyword: "apache log4j", severity: "CRITICAL", hasKev: true, limit: 20 }

vuln_kev_latest — Recently Exploited Vulnerabilities

Get vulnerabilities recently added to CISA's Known Exploited Vulnerabilities catalog.

• Input: { days: 7, limit: 20 }

vuln_kev_due_soon — Upcoming Remediation Deadlines

Get KEV entries with remediation deadlines approaching. Critical for federal compliance.

• Input: { days: 14, limit: 20 }

vuln_epss_top — Highest Exploitation Probability

Get CVEs most likely to be exploited in the next 30 days based on EPSS machine learning model.

• Input: { threshold: 0.7, limit: 20 }

vuln_trending — Newly Published Critical CVEs

Get recently published high/critical severity CVEs from the NVD.

• Input: { days: 3, severity: "CRITICAL", limit: 20 }

vuln_by_vendor — Vendor Vulnerability Assessment

Search CVEs for a specific vendor/product. Cross-references with CISA KEV to flag actively exploited issues.

• Input: { vendor: "microsoft", product: "windows", limit: 20 }

Use Cases

• Vulnerability triage: Look up a CVE and instantly know if it's actively exploited, its EPSS score, and what ATT&CK techniques apply
• Patch prioritization: Combine KEV status + EPSS scores to prioritize remediation
• Compliance tracking: Monitor upcoming CISA KEV remediation deadlines
• Threat intelligence: Track trending CVEs and newly weaponized vulnerabilities
• Vendor risk assessment: Assess a vendor's vulnerability exposure and active exploitation status

Quick Start

Glama (hosted)

Install from Glama.ai.

Apify (hosted)

{
  "mcpServers": {
    "cybersecurity": {
      "url": "https://cybersecurity-vuln-mcp.apify.actor/mcp"
    }
  }
}

Claude Desktop / Claude Code

{
  "mcpServers": {
    "cybersecurity": {
      "command": "node",
      "args": ["path/to/servers/cybersecurity-vuln-mcp/dist/stdio.js"],
      "env": {
        "NVD_API_KEY": "your-key-here"
      }
    }
  }
}

Local (stdio)

git clone https://github.com/martc03/gov-mcp-servers.git
cd gov-mcp-servers/servers/cybersecurity-vuln-mcp
npm install && npm run build
node dist/stdio.js

Environment Variables

| Variable | Required | Description | |----------|----------|-------------| | NVD_API_KEY | No | NVD API key for higher rate limits (50 req/30s vs 5 req/30s). Register here. |

Caching

| Data Source | TTL | Notes | |-------------|-----|-------| | NVD CVE lookups | 1 hour | Per-CVE | | CISA KEV catalog | 2 hours | Full catalog | | EPSS scores | 24 hours | Per-CVE | | ATT&CK mappings | Static

... View full README on GitHub