CVE Search MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| NVD_API_KEY | No | NVD API key. Raises rate limit from 5 to 50 req/30s. Get one at nvd.nist.gov. | |
| GITHUB_TOKEN | No | GitHub personal access token. Raises GitHub Advisory API rate limit from 60 to 5000 req/hr. | |
| CVE_SEARCH_TIMEOUT | No | HTTP request timeout in seconds. Default: 20. | |
| CVE_SEARCH_MAX_RESULTS | No | Maximum results returned per tool call. Default: 100. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| search_cve_by_idA | Search for a specific CVE by exact ID (e.g., CVE-2021-44228). Use when you have a CVE ID from code, docs, or security reports. Returns complete CVE details with CVSS score and severity analysis. |
| bulk_cve_lookupA | Look up multiple CVEs by ID concurrently (max 20 IDs). Useful for scanning dependency lists extracted from pull requests. Returns a dict of {cve_id: result} with severity info for each entry. |
| search_vulnerabilities_by_productA | Search vulnerabilities by vendor and product name (e.g., vendor="apache", product="struts"). WARNING: This can be slow (10-15 seconds). Use search_by_keyword for faster results. Returns matched vulnerabilities with severity summary. |
| get_recent_cvesA | Get CVEs published in the last N days (1-365). Fast. Returns a list with severity analysis and alert level. Example: get_recent_cves(7, 30) — last week's top 30 CVEs. |
| check_high_severity_cvesA | Get high-severity CVEs (CVSS >= 7.0) from the last N days (1-365). Fast. Covers Critical (9.0-10.0) and High (7.0-8.9) severity. Example: check_high_severity_cves(7) — this week's critical threats. |
| search_by_keywordA | Smart CVE search by technology/library keyword. Fast. Normalizes common variations ("Node.js", "Spring Boot", "log4j2"). Searches NVD, GitHub Advisory, and OSV concurrently and deduplicates results. Example: search_by_keyword("nodejs"), search_by_keyword("spring boot"). |
| get_vulnerability_statsA | Get CVE database statistics: total count, last updated timestamp, and source info. Fast. Useful for health checks and confirming database freshness before analysis. |
| cvss_score_lookupA | Get a detailed CVSS v3/v4 breakdown for a CVE: base score, vector string, and individual metrics (Attack Vector, Complexity, Privileges Required, User Interaction, Scope, Confidentiality/Integrity/Availability Impact). Uses NVD which carries the richest CVSS data. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Arnabdaz/CVE-Search-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server