Skip to main content
Glama
Aashish-32

cve-lookup-mcp

by Aashish-32
OverviewSchemaRelated ServersScoreDiscussions
Python
Remote

cve-lookup-mcp

An MCP server that gives AI assistants live access to CVE data from the National Vulnerability Database (NVD) and FIRST EPSS — no API key required.

Built for use with Claude Code and any other Model Context Protocol compatible client.

Tools

Tool

Description

lookup_cve

Full details for a CVE — CVSS score, description, affected products, EPSS exploitation probability, references

search_cves

Search NVD by keyword with optional severity and year filters

check_product_cves

Find all HIGH/CRITICAL CVEs for a vendor/product (useful during version fingerprinting)

Example prompts

Look up CVE-2022-41352
Search for critical Zimbra RCE vulnerabilities from 2022
Check CVEs for apache struts

Related MCP server: Exploit Intel Platform MCP Server

Installation

Option 1 — pipx (recommended)

pipx install cve-lookup-mcp

Option 2 — pip

pip install cve-lookup-mcp

Option 3 — run from source

git clone https://github.com/Aashish-32/cve-lookup-mcp
cd cve-lookup-mcp
pip install -e .

Configuration

Add to your ~/.claude.json (Claude Code) or equivalent MCP client config:

{
  "mcpServers": {
    "cve-lookup": {
      "command": "cve-lookup-mcp",
      "args": []
    }
  }
}

If installed from source, point directly at the script:

{
  "mcpServers": {
    "cve-lookup": {
      "command": "python3",
      "args": ["/path/to/cve-lookup-mcp/src/cve_lookup_mcp/server.py"]
    }
  }
}

Restart your MCP client after adding the config.

Data sources

Source

What it provides

Rate limit

NVD API v2

CVE details, CVSS scores, affected products

~5 req/30s (no key), 50 req/30s (with key)

FIRST EPSS API

Exploitation probability score

None

NVD API key (optional)

Without a key, NVD allows roughly 5 requests per 30 seconds. For heavier use, request a free API key from NVD and set it as an environment variable:

{
  "mcpServers": {
    "cve-lookup": {
      "command": "cve-lookup-mcp",
      "env": {
        "NVD_API_KEY": "your-key-here"
      }
    }
  }
}

Development

git clone https://github.com/Aashish-32/cve-lookup-mcp
cd cve-lookup-mcp
python3 -m venv .venv
source .venv/bin/activate
pip install -e .

Run the server manually (stdio mode):

cve-lookup-mcp

Test with a raw JSON-RPC call:

echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test","version":"1"}}}' \
  | cve-lookup-mcp

License

MIT

Install Server
A
license - permissive license
A
quality
C
maintenance

How are these scores calculated?

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Aashish-32/cve-lookup-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server