A streamlined Model Context Protocol (MCP) Server for cybersecurity intelligence, providing unified access to vulnerability data from multiple authoritative sources including NVD, MITRE, and GitHub Security Advisories. This Lite version focuses on core CVE intelligence capabilities with essential features for security professionals.
The MCP CVE Intelligence Server Lite is a streamlined Model Context Protocol (MCP) Server designed for security professionals, penetration testers, and cybersecurity researchers who need essential vulnerability intelligence integrated into their AI workflows. This Lite edition focuses on core features, aggregating data from multiple authoritative sources and delivering actionable security insights through standardized protocols.
Status: Lite edition with core CVE intelligence features and streamlined functionality.
- 🔍 Multi-Source CVE Intelligence: Unified access to NVD, MITRE CVE Records, and GitHub Security Advisories
- 🎯 Essential Exploit Discovery: Pattern-based detection from Exploit-DB, GitHub PoCs, Metasploit, and PacketStorm
- 🧮 EPSS Risk Scoring: Environmental context-aware vulnerability prioritization with exploit prediction
- 📊 Complete CVSS Support: Full v4/v3/v2 metric analysis with intelligent severity assessment
- 🔧 CPE-Based Discovery: Product-specific vulnerability identification using standardized identifiers
- 📈 Trending Analysis: Real-time vulnerability trending based on severity, exploits, and activity
- 📋 Professional Reports: Generate security reports in multiple formats (Markdown, JSON, summary)
- ⚡ Performance Optimized: Intelligent caching, retry logic, and streamlined processing
- 🛡️ Security-First: Type-safe implementation with comprehensive input validation and sanitization
- 🚦 Rate Limiting: Intelligent request throttling with source-specific limits
- 📊 Health Monitoring: Real-time source availability and performance tracking
- Node.js: 20.0.0 or higher
- npm: Comes with Node.js
# Clone the repository
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite
# Install dependencies
npm install
# Build the project
npm run build
# Start the server
npm start# Pull and run the latest image from Docker Hub
docker run -d \
--name mcp-cve-server \
-p 13001:3001 \
-e MCP_TRANSPORT_TYPE=http \
-e MCP_HTTP_PORT=3001 \
-e MCP_HTTP_HOST=0.0.0.0 \
proug/mcp-cve-intelligence-server-lite:latest
# Server will be available at http://localhost:13001
# Health check: http://localhost:13001/health# Using the provided Docker setup
chmod +x docker-run.sh
./docker-run.sh up
# Server will be available at http://localhost:13001
# Health check: http://localhost:13001/health# Build locally if you want to customize
docker build -t mcp-cve-intelligence-server-lite:local .
docker run -d -p 13001:3001 mcp-cve-intelligence-server-lite:local📋 For advanced Docker configuration, customization, and deployment options, see docs/DOCKER.md
To use this server with MCP-compatible clients, install via NPM and configure:
# Quick install from NPM
npx @proug/mcp-cve-intelligence-server-lite@latest --helpVS Code Configuration:
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"]
}
}
}📋 For complete MCP client configuration (VS Code, Claude Desktop, etc.), see the Configuration section below.
The server provides 7 essential tools for comprehensive CVE intelligence and security analysis:
Search for vulnerabilities using flexible criteria with intelligent filtering:
{
"keyword": "apache log4j",
"severity": "CRITICAL",
"hasExploit": true,
"dateStart": "2021-01-01",
"dateEnd": "2024-12-31",
"limit": 50,
"source": "nvd"
}Advanced Examples:
// Search for recent RCE vulnerabilities
{
"keyword": "remote code execution",
"severity": "HIGH,CRITICAL",
"dateStart": "2024-01-01",
"hasExploit": true,
"limit": 100
}
// Find Windows privilege escalation issues
{
"keyword": "windows privilege escalation",
"severity": "MEDIUM,HIGH,CRITICAL",
"limit": 25
}Retrieve detailed vulnerability information with exploit analysis:
{
"cveId": "CVE-2021-44228",
"includeExploits": true,
"includeReferences": true
}Response includes:
- Complete CVSS v4/v3/v2 metrics and scoring
- CWE classifications and weakness analysis
- Affected products with CPE identifiers
- Known exploits from multiple sources
- EPSS risk scores and probability
- Vendor advisories and patches
Discover currently trending vulnerabilities based on activity and severity:
{
"limit": 25,
"timeframe": "7d",
"minSeverity": "MEDIUM"
}Trending Analysis:
- Recently disclosed high-impact vulnerabilities
- CVEs with increasing exploit activity
- Vulnerabilities gaining security community attention
- Active discussions and proof-of-concepts
Calculate context-aware EPSS scores for vulnerability prioritization:
{
"cveIds": ["CVE-2021-44228", "CVE-2022-22965", "CVE-2023-23397"],
"environmentContext": {
"networkExposure": "internet-facing",
"assetCriticality": "critical",
"securityControls": ["waf", "ids", "edr"],
"patchingCapability": "rapid"
}
}Environment Contexts:
networkExposure: "internal", "dmz", "internet-facing"assetCriticality: "low", "medium", "high", "critical"securityControls: Array of deployed security measurespatchingCapability: "limited", "standard", "rapid"
Generate comprehensive vulnerability reports in multiple formats:
{
"cveIds": ["CVE-2021-44228", "CVE-2022-22965"],
"format": "markdown",
"includeExploits": true,
"includeMetrics": true,
"includeMitigation": true
}Report Formats:
markdown: Professional markdown reportsjson: Structured data for automationsummary: Executive summary format
Report Sections:
- Executive summary with risk assessment
- Detailed vulnerability analysis
- Exploit availability and complexity
- Recommended mitigation strategies
- CVSS metrics and environmental scoring
Find vulnerabilities affecting specific products using CPE identifiers:
{
"cpe": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"severity": "HIGH,CRITICAL",
"hasExploit": true,
"limit": 50
}CPE Examples:
// Search for all Apache products
{
"cpe": "cpe:2.3:a:apache:*:*:*:*:*:*:*:*:*",
"severity": "CRITICAL"
}
// Windows Server vulnerabilities
{
"cpe": "cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*",
"hasExploit": true
}
// Specific version targeting
{
"cpe": "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*",
"includeExploits": true
}Monitor the health and availability of CVE data sources:
{
"includeMetrics": true,
"includeLastUpdated": true
}Health Metrics:
- Source availability status
- Response times and performance
- Last successful data update
- API rate limit status
- Error rates and reliability
The server includes a comprehensive CLI for production deployment and testing:
# Quick start with HTTP transport
npm start -- quick-start --port 3001
# Start with stdio transport (default MCP)
npm start -- --transport stdio
# Start with custom configuration
npm start -- --transport http --port 3001 --log-level debug# Show current configuration and environment
npm start -- config# Basic health check via HTTP endpoint
curl http://localhost:3001/health
# Test via MCP tools
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'# Generate Docker commands and deployment info
npm start -- docker --port 3001# Custom transport and networking
npm start -- --transport http --port 3001 --host 0.0.0.0
# Set log level for debugging
npm start -- --transport http --log-level debug
# Help and available commands
npm start -- --help# 1. Start the server for assessment
npm start -- quick-start --port 3001
# 2. Check source health
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'
# 3. Search for critical vulnerabilities in your stack
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "searchByCpe", "arguments": {"cpe": "cpe:2.3:a:apache:*:*:*:*:*:*:*:*:*", "severity": "CRITICAL"}}}'
# 4. Generate assessment report
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "generateCveReport", "arguments": {"cveIds": ["CVE-2021-44228"], "format": "markdown", "includeExploits": true}}}'# 1. Find trending vulnerabilities
npm start -- --transport http --port 3001
# 2. Research specific CVE with exploits
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "getCveDetails", "arguments": {"cveId": "CVE-2024-12345", "includeExploits": true}}}'
# 3. Calculate environmental risk
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "calculateEpssScores", "arguments": {"cveIds": ["CVE-2024-12345"], "environmentContext": {"networkExposure": "internet-facing", "assetCriticality": "critical"}}}}'# Search for exploitable vulnerabilities in target technology
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "windows server 2019", "hasExploit": true, "severity": "HIGH,CRITICAL", "limit": 50}}}'
# Find recent RCE vulnerabilities
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "remote code execution", "dateStart": "2024-01-01", "hasExploit": true}}}'Configure the server using environment variables or .env file:
To use this server with MCP-compatible clients (VS Code, Claude Desktop, etc.), you need to configure the client to connect to this server.
For VS Code:
Create a .vscode/mcp.json file in your workspace:
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"]
}
}
}Or for global configuration, run MCP: Open User Configuration in VS Code and add:
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"],
"env": {
"NVD_API_KEY": "${input:nvd-api-key}",
"GITHUB_TOKEN": "${input:github-token}"
}
}
},
"inputs": [
{
"type": "promptString",
"id": "nvd-api-key",
"description": "NVD API Key (optional)",
"password": true
},
{
"type": "promptString",
"id": "github-token",
"description": "GitHub Personal Access Token (optional)",
"password": true
}
]
}For Claude Desktop:
Add to your Claude Desktop configuration file (~/Library/Application Support/Claude/config.json on macOS):
{
"mcpServers": {
"cve-intelligence": {
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"],
"env": {
"NVD_API_KEY": "your-optional-nvd-api-key",
"GITHUB_TOKEN": "your-optional-github-token"
}
}
}
}For Docker Containers:
You can run the MCP server in a Docker container for enhanced security and isolation:
VS Code Configuration (STDIO Transport):
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"proug/mcp-cve-intelligence-server-lite:latest"
]
}
}
}VS Code Configuration (HTTP Transport):
{
"servers": {
"cve-intelligence": {
"url": "http://localhost:3001/mcp"
}
}
}Claude Desktop Configuration (STDIO Transport):
{
"mcpServers": {
"cve-intelligence": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"proug/mcp-cve-intelligence-server-lite:latest"
],
"env": {
"NVD_API_KEY": "your-optional-nvd-api-key",
"GITHUB_TOKEN": "your-optional-github-token"
}
}
}
}Claude Desktop Configuration (HTTP Transport):
{
"mcpServers": {
"cve-intelligence": {
"command": "docker",
"args": [
"run",
"-d",
"--rm",
"-p", "3001:3001",
"-e", "MCP_TRANSPORT_TYPE=http",
"-e", "MCP_HTTP_PORT=3001",
"-e", "MCP_HTTP_HOST=0.0.0.0",
"-e", "NVD_API_KEY=your-optional-nvd-api-key",
"-e", "GITHUB_TOKEN=your-optional-github-token",
"proug/mcp-cve-intelligence-server-lite:latest"
]
}
}
}Docker Compose (Production Ready):
Use the provided docker-compose.yml for production deployments:
# Start with HTTP transport on port 13001
./docker-run.sh up
# Server available at: http://localhost:13001
# Health check: http://localhost:13001/health/liveNote: When using Docker, the MCP server runs in an isolated container. The Docker image is available from Docker Hub:
# Pull the latest image docker pull proug/mcp-cve-intelligence-server-lite:latest # Or build locally from source: docker build -t mcp-cve-intelligence-server-lite:local .
For Custom Implementations:
Start the server in stdio mode and connect via standard input/output:
# Start server in stdio mode (default)
npx mcp-cve-intelligence-server-lite
# Or start in HTTP mode
npx mcp-cve-intelligence-server-lite --transport http --port 3001# Core server settings
export MCP_HTTP_PORT="3001"
export MCP_TRANSPORT="http" # or "stdio"
export LOG_LEVEL="info" # debug, info, warn, error
export NODE_ENV="production" # development, production, test# NVD API (NIST) - Higher rate limits
export NVD_API_KEY="your-nvd-api-key"
# GitHub API - Higher rate limits for security advisories
export GITHUB_TOKEN="your-github-personal-access-token"
# MITRE CVE Program - Requires CVE Program membership
export MITRE_API_KEY="your-mitre-api-key"
export MITRE_API_ORG="your-organization-name"
export MITRE_API_USER="your-username"Security Note: API keys and tokens are only accepted via environment variables for security reasons. They cannot be provided via CLI arguments.
# Rate limiting and performance
export CVE_CACHE_TTL="1800" # Cache TTL in seconds
export CVE_CACHE_MAX_SIZE="1000" # Maximum cache entries
export CVE_REQUEST_TIMEOUT="30000" # Request timeout in ms
export CVE_RETRY_ATTEMPTS="3" # Retry attempts for failed requests
# Security settings
export CVE_CORS_ORIGIN="*" # CORS allowed origins
export CVE_API_KEY_REQUIRED="false" # Require API key for access
export CVE_RATE_LIMIT="100" # Requests per window
export CVE_RATE_WINDOW="3600" # Rate limit window in seconds
# Logging and monitoring
export LOG_FILE_PATH="/app/logs" # Log file directory
export LOG_MAX_FILES="30" # Maximum log files to keep
export LOG_MAX_SIZE="100mb" # Maximum log file size
export METRICS_ENABLED="true" # Enable performance metricsCreate a .env file in your project root:
# .env file for MCP CVE Intelligence Server Lite
NODE_ENV=development
MCP_HTTP_PORT=3001
LOG_LEVEL=debug
# API Keys (optional but recommended)
NVD_API_KEY=your-nvd-api-key-here
GITHUB_TOKEN=ghp_your-github-token-here
# Performance tuning
CVE_CACHE_TTL=3600
CVE_REQUEST_TIMEOUT=30000
CVE_RETRY_ATTEMPTS=3
# Security
CVE_CORS_ORIGIN=http://localhost:3000,https://yourdomain.com
CVE_RATE_LIMIT=200
CVE_RATE_WINDOW=3600# docker-compose.yml environment section
environment:
- NODE_ENV=production
- MCP_HTTP_PORT=3001
- LOG_LEVEL=info
- NVD_API_KEY=${NVD_API_KEY}
- GITHUB_TOKEN=${GITHUB_TOKEN}
- CVE_CACHE_TTL=1800
- CVE_RATE_LIMIT=100| Source | Authentication | Required For | Setup |
|---|---|---|---|
| NVD | Optional API key | Higher rate limits | NVD_API_KEY |
| GitHub | Optional token | Higher rate limits | GITHUB_TOKEN |
| MITRE | CVE Program membership | Search functionality | MITRE_API_KEY, MITRE_API_ORG, MITRE_API_USER |
Note: MITRE search requires CVE Program membership with Secretariat role. Individual CVE lookups work without authentication. 📋 For Docker-specific configuration and deployment options, see docs/DOCKER.md
- CVE Service: Central intelligence engine for vulnerability analysis
- Source Manager: Manages multiple CVE data sources with failover
- Transport Manager: Handles both STDIO and HTTP transport protocols
- Health Service: Monitors data source availability and performance
- Exploit Intelligence: Pattern-based exploit discovery and classification
| Source | Purpose | Features | Authentication |
|---|---|---|---|
| NVD (NIST) | Primary CVE database | CVSS metrics, CPE matching, essential search | Optional (API key) |
| MITRE | Authoritative CVE records | Official assignments, CWE mappings, CVE JSON 5.1 | CVE Program membership |
| GitHub Security | Modern vulnerability advisories | GHSA identifiers, ecosystem-specific data | Optional (token) |
- Exploit-DB: Verified exploits with detailed documentation and proof-of-concepts
- GitHub PoCs: Cutting-edge research and proof-of-concept repositories
- Metasploit Framework: Professional penetration testing modules and exploits
- PacketStorm Security: Curated security exploits and security advisories
# Clone and setup
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite
npm install
# Build and run
npm run build
npm start📋 For detailed development workflow, debugging, testing procedures, and contribution guidelines, see CONTRIBUTING.md
- Essential Caching: Smart caching reduces API calls and improves response times
- Streamlined Processing: Optimized source queries for faster results
- Retry Logic: Exponential backoff with circuit breaker for reliable API communication
- Request Optimization: Prevents duplicate API calls within time windows
- Performance Monitoring: Built-in timing, metrics collection, and health checks
- Connection Management: Efficient HTTP connection handling
- Rate Limiting: Source-specific throttling respecting API limits and quotas
- Input Validation: Comprehensive Zod schema validation for all inputs
- Sanitization: Multi-layer input sanitization preventing injection attacks
- Rate Limiting: Request throttling with client identification and blocking
- Error Handling: Secure error messages without sensitive data exposure
- Type Safety: Strict TypeScript implementation preventing runtime errors
- API Key Management: Secure environment variable handling with validation
- Transport Security: HTTPS enforcement and secure headers
- Session Management: Secure session handling for HTTP transport
- Vulnerability Assessment: Essential CVE research and analysis
- Threat Intelligence: Real-time vulnerability trending and prioritization
- Penetration Testing: Exploit discovery and pattern analysis
- Compliance Reporting: Professional vulnerability reports
- Context-Aware Security: Provide vulnerability context to AI models
- Automated Research: Enable AI-driven security research workflows
- Intelligent Prioritization: AI-assisted vulnerability triage
- Report Generation: Automated security documentation
We welcome contributions! Please see our Contributing Guide for details on:
- Setting up the development environment
- Code style guidelines
- Submitting pull requests
- Reporting bugs and feature requests
This project follows security best practices:
- Responsible Disclosure: See our Security Policy for reporting vulnerabilities
- Secure Development: All releases go through automated security scanning and approval processes
- Access Control: Repository access is restricted to verified maintainers
- Audit Trail: All production deployments are tracked and require approval
For security concerns, please see our Security Policy.
This project is licensed under the MIT License - see the LICENSE file for details.
- GitHub Issues: Report bugs or request features
- GitHub Discussions: Community discussions and questions
- Documentation: Check the inline code documentation for API details
- NIST NVD: Primary vulnerability database
- MITRE Corporation: CVE numbering authority
- GitHub Security: Modern security advisory platform
- Model Context Protocol: AI integration framework
MCP CVE Intelligence Server Lite - Essential CVE intelligence for security professionals