Vuln Nist Mcp Server

Name: Vuln Nist Mcp Server
Author: HaroldFinchIFT

by HaroldFinchIFT

MCP Server for Vulnerabilities API from NVD NIST

11 6 tools GitHub

No known CVEs

MIT license

Stale

Last commit 248d ago

Works with most clients

Transport: sse

6 tools · ~679 tok

Grade B · 0.3% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopsse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "vuln-nist-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/vuln-nist-mcp-server)](https://mcppedia.org/s/vuln-nist-mcp-server)

Read me

What Vuln Nist Mcp Server does

A Model Context Protocol (MCP) server for querying NIST National Vulnerability Database (NVD) API endpoints.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

58/100across 5 weighted dimensions

How we score →

0255075100

−42

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (6)

Click any tool to inspect its schema.

~679 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Vuln Nist Mcp Server safe to use?: Vuln Nist Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Vuln Nist Mcp Server?: Vuln Nist Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Vuln Nist Mcp Server do?: Vuln Nist Mcp Server provides 6 tools: get_temporal_context, search_cves, get_cve_by_id, cves_by_cpe, kevs_between and 1 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Vuln Nist Mcp Server?: Vuln Nist Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses sse transport.
Is Vuln Nist Mcp Server actively maintained?: Vuln Nist Mcp Server is less actively maintained — last commit was 248 days ago. It has 11 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for Vuln Nist Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Purpose

This MCP server exposes tools to query the NVD/CVE REST API and return formatted text results suitable for LLM consumption via the MCP protocol. It includes automatic query chunking for large date ranges and parallel processing for improved performance.

Features

Available Tools

get_temporal_context - Get current date and temporal context for time-relative queries

Essential for queries like "this year", "last year", "6 months ago"
Provides current date mappings and examples for date parameter construction
USAGE: Call this tool FIRST when user asks time-relative questions

search_cves - Search CVE descriptions by keyword with flexible date filtering

Parameters: keyword, resultsPerPage (default: 20), startIndex (default: 0), last_days (recent_days has been deprecated), start_date, end_date
New in v1.1.0: Support for absolute date ranges with start_date and end_date parameters
Date filtering priority: start_date/end_date → last_days → default 30 days
Auto-chunks queries > 120 days into parallel requests
Results sorted by publication date (newest first)

get_cve_by_id - Retrieve detailed information for a specific CVE

Parameters: cve_id
Returns: CVE details, references, tags, and publication dates

cves_by_cpe - List CVEs associated with a Common Platform Enumeration (CPE)

Parameters: cpe_name (full CPE 2.3 format required), is_vulnerable (optional)
Validates CPE format before querying

kevs_between - Find CVEs added to CISA KEV catalog within a date range

Parameters: kevStartDate, kevEndDate, resultsPerPage (default: 20), startIndex (default: 0)
Auto-chunks queries > 90 days into parallel requests
Results sorted by publication date (newest first)

cve_change_history - Retrieve change history for CVEs

Parameters: cve_id OR (changeStartDate + changeEndDate), resultsPerPage (default: 20), startIndex (default: 0)
Auto-chunks date range queries > 120 days into parallel requests
Results sorted by change creation date (newest first)

Key Features

Temporal Awareness: New get_temporal_context tool for accurate time-relative queries

Flexible Date Filtering: Support for both relative (last_days) and absolute (start_date/end_date) date ranges

Improved Result Ordering: All results sorted chronologically (newest first) for better relevance

Parallel Processing: Large date ranges are automatically split into chunks and processed concurrently

Input Validation: CPE format validation, date parsing, parameter sanitization

Emoji Indicators: Clear visual feedback (✅ success, ❌ error, ⚠️ warning, 🔍 search, 🔥 KEV, 🌐 CPE, 🕘 history, 📅 temporal)

Comprehensive Logging: Detailed stderr logging for debugging

Error Handling: Graceful handling of API errors, timeouts, and malformed responses

Frequently Asked Questions

Is Vuln Nist Mcp Server safe to use?

Vuln Nist Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Vuln Nist Mcp Server?

Vuln Nist Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can Vuln Nist Mcp Server do?

Vuln Nist Mcp Server provides 6 tools: get_temporal_context, search_cves, get_cve_by_id, cves_by_cpe, kevs_between and 1 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Vuln Nist Mcp Server?

Vuln Nist Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses sse transport.

Is Vuln Nist Mcp Server actively maintained?

Vuln Nist Mcp Server is less actively maintained — last commit was 248 days ago. It has 11 GitHub stars.

Purpose

Features

Available Tools

get_temporal_context - Get current date and temporal context for time-relative queries

Essential for queries like "this year", "last year", "6 months ago"
Provides current date mappings and examples for date parameter construction
USAGE: Call this tool FIRST when user asks time-relative questions

search_cves - Search CVE descriptions by keyword with flexible date filtering

Parameters: keyword, resultsPerPage (default: 20), startIndex (default: 0), last_days (recent_days has been deprecated), start_date, end_date
New in v1.1.0: Support for absolute date ranges with start_date and end_date parameters
Date filtering priority: start_date/end_date → last_days → default 30 days
Auto-chunks queries > 120 days into parallel requests
Results sorted by publication date (newest first)

get_cve_by_id - Retrieve detailed information for a specific CVE

Parameters: cve_id
Returns: CVE details, references, tags, and publication dates

cves_by_cpe - List CVEs associated with a Common Platform Enumeration (CPE)

Parameters: cpe_name (full CPE 2.3 format required), is_vulnerable (optional)
Validates CPE format before querying

kevs_between - Find CVEs added to CISA KEV catalog within a date range

Parameters: kevStartDate, kevEndDate, resultsPerPage (default: 20), startIndex (default: 0)
Auto-chunks queries > 90 days into parallel requests
Results sorted by publication date (newest first)

cve_change_history - Retrieve change history for CVEs

Parameters: cve_id OR (changeStartDate + changeEndDate), resultsPerPage (default: 20), startIndex (default: 0)
Auto-chunks date range queries > 120 days into parallel requests
Results sorted by change creation date (newest first)