Mallory MCP Server

Find a vulnerability by CVE identifier

Use this tool when you need detailed information about a specific vulnerability, including its severity scores, description, and whether it has been exploited in the wild. This is particularly useful for threat assessment, prioritizing patching, or understanding the technical details of a specific CVE.

Args: cve (str): The CVE to search for

Returns: Dict[str, Any]: Dictionary containing vulnerability details including: - uuid: Unique identifier for this vulnerability record - cve_id: The CVE identifier - description: Detailed description of the vulnerability - created_at/updated_at: Timestamps for record creation and updates - cvss_base_score: Severity score (0.0-10.0, higher is more severe) - cvss_version: Version of the CVSS scoring system used - cvss_vector: Detailed scoring vector showing attack characteristics - cvss_data: List of all available CVSS scores from different sources - epss_score: Exploit Prediction Scoring System score (probability of exploitation) - epss_percentile: Percentile ranking of the EPSS score - cisa_kev_added_at: When CISA added this to Known Exploited Vulnerabilities catalog (if applicable) - weaknesses: List of CWE identifiers associated with this vulnerability - mentions_count: Number of references to this vulnerability - detection_signatures_count: Number of detection signatures available - exploits_count: Number of known exploit implementations - exploitations_count: Number of recorded instances of exploitation in the wild - vulnerable_configurations_count: Number of affected system configurations