cve-lookup-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@cve-lookup-mcpLook up CVE-2024-21626"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
cve-lookup-mcp
An MCP server that gives AI assistants live access to CVE data from the National Vulnerability Database (NVD) and FIRST EPSS — no API key required.
Built for use with Claude Code and any other Model Context Protocol compatible client.
Tools
Tool | Description |
| Full details for a CVE — CVSS score, description, affected products, EPSS exploitation probability, references |
| Search NVD by keyword with optional severity and year filters |
| Find all HIGH/CRITICAL CVEs for a vendor/product (useful during version fingerprinting) |
Example prompts
Look up CVE-2022-41352Search for critical Zimbra RCE vulnerabilities from 2022Check CVEs for apache strutsRelated MCP server: CVE Intelligence MCP Server
Installation
Option 1 — pipx (recommended)
pipx install cve-lookup-mcpOption 2 — pip
pip install cve-lookup-mcpOption 3 — run from source
git clone https://github.com/Aashish-32/cve-lookup-mcp
cd cve-lookup-mcp
pip install -e .Configuration
Add to your ~/.claude.json (Claude Code) or equivalent MCP client config:
{
"mcpServers": {
"cve-lookup": {
"command": "cve-lookup-mcp",
"args": []
}
}
}If installed from source, point directly at the script:
{
"mcpServers": {
"cve-lookup": {
"command": "python3",
"args": ["/path/to/cve-lookup-mcp/src/cve_lookup_mcp/server.py"]
}
}
}Restart your MCP client after adding the config.
Data sources
Source | What it provides | Rate limit |
CVE details, CVSS scores, affected products | ~5 req/30s (no key), 50 req/30s (with key) | |
Exploitation probability score | None |
NVD API key (optional)
Without a key, NVD allows roughly 5 requests per 30 seconds. For heavier use, request a free API key from NVD and set it as an environment variable:
{
"mcpServers": {
"cve-lookup": {
"command": "cve-lookup-mcp",
"env": {
"NVD_API_KEY": "your-key-here"
}
}
}
}Development
git clone https://github.com/Aashish-32/cve-lookup-mcp
cd cve-lookup-mcp
python3 -m venv .venv
source .venv/bin/activate
pip install -e .Run the server manually (stdio mode):
cve-lookup-mcpTest with a raw JSON-RPC call:
echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test","version":"1"}}}' \
| cve-lookup-mcpLicense
MIT
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Aashish-32/cve-lookup-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server