Glama
Sign In

mcp-nvd

by marcoeg
Verified
GitHub
Python
MIT License
  • Apple
RedditDiscord
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Integrations

  • Enables searching for vulnerabilities related to Red Hat products in the NVD database using keyword search functionality

NVD Database MCP Server

A Model Context Protocol server implementation to query the NIST National Vulnerability Database (NVD) via its API. https://nvd.nist.gov/

As a prerequisite an NVD API key is required. (Request here).

Status

Works with Claude Desktop app and other MCP compliant hosts and clients using both the stdio and sse transports.

Features

  • Query specific CVEs by ID with detailed vulnerability data.
  • Search the NVD database by keyword with customizable result options.
  • Supports Server-Sent Events (SSE) transport for real-time communication.
  • Compatible with MCP-compliant clients like Claude Desktop.

Tools

The server implements the following tools to query the NVD Database:

  • get_cve:
    • Description: Retrieves a CVE record by its ID.
    • Parameters:
      • cve_id (str): The CVE ID (e.g., CVE-2019-1010218).
      • concise (bool, default False): If True, returns a shorter format.
    • Returns: Detailed CVE info including scores, weaknesses, and references.
  • search_cve:
    • Description: Searches the NVD database by keyword.
    • Parameters:
      • keyword (str): Search term (e.g., Red Hat).
      • exact_match (bool, default False): If True, requires an exact phrase match.
      • concise (bool, default False): If True, returns shorter CVE records.
      • results (int, default 10): Maximum number of CVE records (1-2000).
    • Returns: List of matching CVEs with total count.

Configuration

  1. Create or edit the Claude Desktop configuration file located at:
    • On macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
    • On Windows: %APPDATA%/Claude/claude_desktop_config.json
  2. Add the following:
{ "mcpServers": { "mcp-nvd": { "command": "/path/to/uvx", "args": ["mcp-nvd"], "env": { "NVD_API_KEY": "your-api-key" } } } }
  1. Replace /path/to/uvx with the absolute path to the uvx executable. Find the path with which uvx command in a terminal. This ensures that the correct version of uvx is used when starting the server.
  2. Restart Claude Desktop to apply the changes.

Development

Setup

  1. Prerequisites:
  2. Clone the Repository:
git clone https://github.com/marcoeg/mcp-nvd cd mcp-nvd
  1. Set Environment Variables:
    • Create a .env file in the project root:
      NVD_API_KEY=your-api-key
    • Replace your-api-key with your NVD API key.
  2. Install Dependencies:
uv sync uv pip install -e .

Run with the MCP Inspector

cd /path/to/the/repo source .env npx @modelcontextprotocol/inspector uv \ --directory /path/to/repo/mcp-nvd run mcp-nvd

Then open the browser to the URL indicated by the MCP Inspector, typically http://localhost:8077?proxyPort=8078

Switch freely between stdio and sse transport types in the inspector.

Testing with the SSE Client

Run the Server:

cd /path/to/the/repo source .env uv run mcp-nvd --transport sse --port 9090
  • Runs with SSE transport on port 9090 by default.

Run the Client:

Test get_cve:

uv run client.py http://localhost:9090/sse CVE-2019-1010218

Test search_cve (default 10 results):

uv run client.py http://localhost:9090/sse "search:Red Hat"

Test search_cve (exact match, 5 results):

uv run client.py http://localhost:9090/sse "search:Microsoft Windows:exact:5"

Docker Setup

Build

docker build -t mcp-nvd:latest .

Run

With .env:

docker run -d -p 9090:9090 -v /path/to/.env:/app/.env mcp-nvd:latest

With env var:

docker run -d -p 9090:9090 -e NVD_API_KEY="your-key" mcp-nvd:latest

Custom port:

docker run -d -p 8080:8080 -v /path/to/.env:/app/.env mcp-nvd:latest uv run mcp-nvd --transport sse --port 8080 --host 0.0.0.0

Verify

docker logs <container_id> # Expect: INFO: Uvicorn running on http://0.0.0.0:9090

Test:

uv run client.py http://localhost:9090/sse CVE-2019-1010218

Notes

  • Ensure .env has NVD_API_KEY=your-key or use -e.
  • Default port: 9090.

Here’s the summary formatted as Markdown comments within a code block, suitable for inclusion in a file like docker-compose.yaml or README.md:

Using Docker Compose for Testing

This docker-compose.yaml, located in the tests/ directory, defines a service for testing the MCP-NVD server using a pre-built Docker image. It’s designed for a testing use case, similar to a standalone service like clickhouse, and assumes the image is built beforehand rather than rebuilt each time.

Assumptions

  • Pre-built Image: The service uses a pre-built image tagged as mcp-nvd:test, available locally or in a registry. The image is based on the Dockerfile in the parent directory, which sets up the MCP-NVD server with uv and runs it in SSE mode on port 9090.

How to Build the Image

To create the mcp-nvd:test image:

  1. Navigate to the project root:
    cd ./mcp-nvd
  2. Build the image using the Dockerfile:
    docker build -t mcp-nvd:test .
    • This builds the image with all dependencies from pyproject.toml and the mcp_nvd/ module, setting the default command to run the server.

Running the Service

From the tests/ directory:

cd tests docker-compose up
  • Access: The server runs at http://localhost:9090.
  • Stop: docker-compose down.
  • Environment: Ensure NVD_API_KEY is in ../.env or use docker-compose --env-file ../.env up.

Running test_tools.py in the Docker Compose Scenario

To run the unit tests (test_tools.py) within the Docker environment:

  1. Start the Service: Ensure the mcp-nvd service is running via docker-compose up.
  2. Exec into the Container:
    • Identify the container name (e.g., mcp-nvd-mcp-nvd-1) with:
      docker ps
    • Run the tests inside the container:
      docker exec -it mcp-nvd-mcp-nvd-1 python /app/tests/test_tools.py
    • Note: Assumes test_tools.py is copied into the image at /app/tests/. If not, modify the Dockerfile to include:
      COPY tests/ ./tests/
      Then rebuild the image with docker build -t mcp-nvd:test . from the root.
  3. Alternative: Run tests locally against the containerized service:
    cd tests python test_tools.py
    • This tests against http://localhost:9090 while the service runs.

Key Details

  • Port: 9090 is exposed for SSE access.
  • Logs: Stored in a log-data volume (optional).
  • Image: Must be built once and tagged as mcp-nvd:test before running docker-compose.

Credits to @sidharthrajaram for its working pattern for SSE-based MCP clients and servers: https://github.com/sidharthrajaram/mcp-sse

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

A Model Context Protocol server implementation to query the NIST National Vulnerability Database (NVD) via its API.

  1. Status
    1. Features
      1. Tools
    2. Configuration
      1. Development
        1. Setup
        2. Run with the MCP Inspector
        3. Testing with the SSE Client
      2. Docker Setup
        1. Build
        2. Run
        3. Verify
        4. Notes
        5. Using Docker Compose for Testing