
CVE Risk MCP Server

by sarveshkapre

MCP server for CVE lookups, KEV enrichment, and “what should I patch first?” ranking. It implements the MCP tools/list + tools/call flow over stdio and returns structured risk assessments per CVE.

Features

  • CVE detail lookups with parsed CVSS v3/v4 metrics.

  • CISA KEV feed enrichment (primary + mirror fallback).

  • EPSS-style risk scoring with reasons and a priority label.

  • Batch ranking for patch queues.

Tools

  • cve_lookup

    • Inputs: cve_id, include_kev

    • Output: CVE summary + KEV status + risk score

  • cve_rank

    • Inputs: cve_ids, include_kev

    • Output: ranked list (highest risk first)

Quickstart

make setup
make check

Run (MCP stdio)

python -m cve_risk_mcp --stdio

Example (tools/call)

{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"cve_lookup","arguments":{"cve_id":"CVE-2023-23397"}}}
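A batch counterpart to the request above, as an added example that is not part of the project's code: it validates and de-duplicates CVE IDs, builds one cve_rank tools/call line for the server's stdin, and matches a reply by id. Assumptions: cve_ids is a JSON array of strings, include_kev is a boolean, and messages are newline-delimited as in the MCP stdio transport; the helper names and sample IDs are constructed for illustration.

```python
import json
import re

# CVE ID syntax: "CVE-", a 4-digit year, then 4 or more digits.
CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

def normalize_cve_ids(raw_ids):
    """Trim, upper-case, validate and de-duplicate IDs, keeping first-seen order."""
    seen, clean, rejected = set(), [], []
    for raw in raw_ids:
        cve = raw.strip().upper()
        if not CVE_ID_RE.match(cve):
            rejected.append(raw)      # report bad input instead of sending it
        elif cve not in seen:
            seen.add(cve)
            clean.append(cve)
    return clean, rejected

def build_rank_request(request_id, raw_ids, include_kev=True):
    """Return (one newline-terminated JSON-RPC line for cve_rank, rejected inputs)."""
    clean, rejected = normalize_cve_ids(raw_ids)
    if not clean:
        raise ValueError("no valid CVE IDs to rank")
    msg = {"jsonrpc": "2.0", "id": request_id, "method": "tools/call",
           "params": {"name": "cve_rank",
                      # Assumed argument types: list of strings, boolean.
                      "arguments": {"cve_ids": clean, "include_kev": include_kev}}}
    return json.dumps(msg, separators=(",", ":")) + "\n", rejected

def match_response(line, request_id):
    """Return the result for request_id, None for another id, raise on error."""
    msg = json.loads(line)
    if msg.get("id") != request_id:
        return None
    if "error" in msg:
        err = msg["error"]
        raise RuntimeError(f"JSON-RPC error {err.get('code')}: {err.get('message')}")
    return msg.get("result")

# Constructed sample input, e.g. IDs pasted from a scanner export.
SAMPLE_IDS = ["cve-2023-23397", " CVE-2021-44228 ", "CVE-2023-23397", "not-a-cve"]

if __name__ == "__main__":
    line, rejected = build_rank_request(2, SAMPLE_IDS)
    print(line, end="")
    print("rejected:", rejected)
```

The shape of the returned result is not documented on this page, so match_response hands it back unparsed.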

Data sources

  • CVE data: CIRCL Vulnerability Lookup API.

  • KEV data: CISA Known Exploited Vulnerabilities feed (primary URL) with fallback to the official CISA GitHub mirror.

Notes

  • No authentication: intended for local or controlled environments.

  • All outbound network calls are GETs to the configured APIs.

Glama directory ratings: security not tested; license A (permissive license); quality not tested.
