Skip to main content
Glama
Arnabdaz

CVE Search MCP Server

by Arnabdaz

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault
NVD_API_KEYNoNVD API key. Raises rate limit from 5 to 50 req/30s. Get one at nvd.nist.gov.
GITHUB_TOKENNoGitHub personal access token. Raises GitHub Advisory API rate limit from 60 to 5000 req/hr.
CVE_SEARCH_TIMEOUTNoHTTP request timeout in seconds. Default: 20.
CVE_SEARCH_MAX_RESULTSNoMaximum results returned per tool call. Default: 100.

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": true
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
search_cve_by_idA

Search for a specific CVE by exact ID (e.g., CVE-2021-44228). Use when you have a CVE ID from code, docs, or security reports. Returns complete CVE details with CVSS score and severity analysis.

bulk_cve_lookupA

Look up multiple CVEs by ID concurrently (max 20 IDs). Useful for scanning dependency lists extracted from pull requests. Returns a dict of {cve_id: result} with severity info for each entry.

search_vulnerabilities_by_productA

Search vulnerabilities by vendor and product name (e.g., vendor="apache", product="struts"). WARNING: This can be slow (10-15 seconds). Use search_by_keyword for faster results. Returns matched vulnerabilities with severity summary.

get_recent_cvesA

Get CVEs published in the last N days (1-365). Fast. Returns a list with severity analysis and alert level. Example: get_recent_cves(7, 30) — last week's top 30 CVEs.

check_high_severity_cvesA

Get high-severity CVEs (CVSS >= 7.0) from the last N days (1-365). Fast. Covers Critical (9.0-10.0) and High (7.0-8.9) severity. Example: check_high_severity_cves(7) — this week's critical threats.

search_by_keywordA

Smart CVE search by technology/library keyword. Fast. Normalizes common variations ("Node.js", "Spring Boot", "log4j2"). Searches NVD, GitHub Advisory, and OSV concurrently and deduplicates results. Example: search_by_keyword("nodejs"), search_by_keyword("spring boot").

get_vulnerability_statsA

Get CVE database statistics: total count, last updated timestamp, and source info. Fast. Useful for health checks and confirming database freshness before analysis.

cvss_score_lookupA

Get a detailed CVSS v3/v4 breakdown for a CVE: base score, vector string, and individual metrics (Attack Vector, Complexity, Privileges Required, User Interaction, Scope, Confidentiality/Integrity/Availability Impact). Uses NVD which carries the richest CVSS data.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Arnabdaz/CVE-Search-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server