eip-mcp

Search Vulnerabilities

search_vulnerabilities

Read-onlyIdempotent

Search for vulnerabilities (CVEs) with full-text search and filters for severity, exploit status, CISA KEV, ransomware, and CVSS/EPSS thresholds. Returns exploitation signals and attribution.

Instructions

Search the Exploit Intelligence Platform for vulnerabilities (CVEs). Returns a list of matching CVEs with CVSS scores, EPSS exploitation probability, exploit counts, CISA KEV status, VulnCheck KEV, InTheWild.io exploitation signals, and ransomware attribution. Supports full-text search, severity/vendor/product/ecosystem/CWE filters, CVSS/EPSS thresholds, plus any_exploited and ransomware filters. When sort is omitted, the API may automatically prefer newest exploitation, exploit, or nuclei-template activity based on the filters you set. Examples: query='apache httpd' with has_exploits=true; vendor='fortinet' with severity='critical' and is_kev=true sorted by epss_desc; any_exploited=true with ransomware=true for ransomware-linked CVEs; cwe='89' with min_cvss=9 for critical SQL injection CVEs.

Input Schema

TableJSON Schema

Name	Required	Description
`query`	No	Search keywords (e.g. 'apache httpd', 'log4j'). Optional if filters are provided.
`severity`	No	Filter by severity level
`has_exploits`	No	Only return CVEs with public exploit code
`is_kev`	No	Only return CISA Known Exploited Vulnerabilities
`any_exploited`	No	Only return CVEs exploited in the wild (CISA KEV + VulnCheck KEV + InTheWild.io)
`ransomware`	No	Only return CVEs with confirmed ransomware campaign use
`has_nuclei`	No	Only return CVEs with Nuclei scanner templates
`vendor`	No	Filter by vendor name (e.g. 'microsoft', 'fortinet')
`product`	No	Filter by product name (e.g. 'exchange', 'pan-os')
`ecosystem`	No	Filter by package ecosystem
`cwe`	No	Filter by CWE ID (e.g. '79' or 'CWE-79')
`min_cvss`	No	Minimum CVSS v3 score (0-10)
`min_score`	No	Minimum score for the selected score_version (0-10)
`score_version`	No	Score family for min_score / score_desc
`min_epss`	No	Minimum EPSS score (0-1)
`year`	No	Filter by CVE year (e.g. 2024)
`date_from`	No	Start date for CVE publication (YYYY-MM-DD)
`date_to`	No	End date for CVE publication (YYYY-MM-DD)
`sort`	No	Sort order. Aliases are normalized to the current server schema.
`page`	No	Page number (default: 1)
`per_page`	No	Results per page (1-25, default: 10)

Tool Definition Quality

A4.4/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description details the return fields (CVSS, EPSS, etc.) and sorting behavior, adding value beyond annotations. No contradictions with readOnlyHint, destructiveHint, or idempotentHint.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single well-structured paragraph that front-loads the main purpose, then lists features and examples. Every sentence serves a purpose, with no wasted text.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a tool with 21 parameters and no output schema, the description covers the key return fields and behavior. It could be more complete by specifying response structure (e.g., pagination details), but it provides sufficient context.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with descriptions for all 21 parameters. The description adds concrete examples and clarifies sorting behavior, going beyond the schema definitions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool searches for vulnerabilities (CVEs) and returns a list with specific fields. It distinguishes from siblings like search_exploits by focusing on vulnerabilities, and provides explicit examples of search scenarios.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description includes multiple usage examples and explains sorting behavior when omitted. While it does not explicitly contrast with sibling tools, the examples implicitly guide appropriate use cases.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/exploitintel/eip-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server