MCP CVE Intelligence Server Lite
Accesses GitHub Security Advisories and GitHub-hosted Proof-of-Concepts for vulnerability intelligence.
Integrates exploit detection from the Metasploit framework.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP CVE Intelligence Server LiteWhat are the top 5 critical CVEs from the last week?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP CVE Intelligence Server Lite
A streamlined Model Context Protocol (MCP) Server for cybersecurity intelligence, providing unified access to vulnerability data from multiple authoritative sources including NVD, MITRE, and GitHub Security Advisories. This Lite version focuses on core CVE intelligence capabilities with essential features for security professionals.
🚀 Overview
The MCP CVE Intelligence Server Lite is a streamlined Model Context Protocol (MCP) Server designed for security professionals, penetration testers, and cybersecurity researchers who need essential vulnerability intelligence integrated into their AI workflows. This Lite edition focuses on core features, aggregating data from multiple authoritative sources and delivering actionable security insights through standardized protocols.
Status: Lite edition with core CVE intelligence features and streamlined functionality.
Key Features (Lite Edition)
🔍 Multi-Source CVE Intelligence: Unified access to NVD, MITRE CVE Records, and GitHub Security Advisories
🎯 Essential Exploit Discovery: Pattern-based detection from Exploit-DB, GitHub PoCs, Metasploit, and PacketStorm
🧮 EPSS Risk Scoring: Environmental context-aware vulnerability prioritization with exploit prediction
📊 Complete CVSS Support: Full v4/v3/v2 metric analysis with intelligent severity assessment
🔧 CPE-Based Discovery: Product-specific vulnerability identification using standardized identifiers
📈 Trending Analysis: Real-time vulnerability trending based on severity, exploits, and activity
📋 Professional Reports: Generate security reports in multiple formats (Markdown, JSON, summary)
⚡ Performance Optimized: Intelligent caching, retry logic, and streamlined processing
🛡️ Security-First: Type-safe implementation with comprehensive input validation and sanitization
🚦 Rate Limiting: Intelligent request throttling with source-specific limits
📊 Health Monitoring: Real-time source availability and performance tracking
🛠️ Installation
Prerequisites
Node.js: 20.0.0 or higher
npm: Comes with Node.js
Quick Start
# Clone the repository
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite
# Install dependencies
npm install
# Build the project
npm run build
# Start the server
npm startDocker Deployment
Using Pre-built Image (Recommended)
# Pull and run the latest image from Docker Hub
docker run -d \
--name mcp-cve-server \
-p 13001:3001 \
-e MCP_TRANSPORT_TYPE=http \
-e MCP_HTTP_PORT=3001 \
-e MCP_HTTP_HOST=0.0.0.0 \
proug/mcp-cve-intelligence-server-lite:latest
# Server will be available at http://localhost:13001
# Health check: http://localhost:13001/healthUsing Docker Compose
# Using the provided Docker setup
chmod +x docker-run.sh
./docker-run.sh up
# Server will be available at http://localhost:13001
# Health check: http://localhost:13001/healthBuilding from Source
# Build locally if you want to customize
docker build -t mcp-cve-intelligence-server-lite:local .
docker run -d -p 13001:3001 mcp-cve-intelligence-server-lite:local📋 For advanced Docker configuration, customization, and deployment options, see docs/DOCKER.md
MCP Client Setup
To use this server with MCP-compatible clients, install via NPM and configure:
# Quick install from NPM
npx @proug/mcp-cve-intelligence-server-lite@latest --helpVS Code Configuration:
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"]
}
}
}📋 For complete MCP client configuration (VS Code, Claude Desktop, etc.), see the Configuration section below.
📖 Usage
MCP Tools Available (Lite Edition)
The server provides 7 essential tools for comprehensive CVE intelligence and security analysis:
1. searchCves - Advanced CVE Search & Discovery
Search for vulnerabilities using flexible criteria with intelligent filtering:
{
"keyword": "apache log4j",
"severity": "CRITICAL",
"hasExploit": true,
"dateStart": "2021-01-01",
"dateEnd": "2024-12-31",
"limit": 50,
"source": "nvd"
}Advanced Examples:
// Search for recent RCE vulnerabilities
{
"keyword": "remote code execution",
"severity": "HIGH,CRITICAL",
"dateStart": "2024-01-01",
"hasExploit": true,
"limit": 100
}
// Find Windows privilege escalation issues
{
"keyword": "windows privilege escalation",
"severity": "MEDIUM,HIGH,CRITICAL",
"limit": 25
}2. getCveDetails - Comprehensive CVE Intelligence
Retrieve detailed vulnerability information with exploit analysis:
{
"cveId": "CVE-2021-44228",
"includeExploits": true,
"includeReferences": true
}Response includes:
Complete CVSS v4/v3/v2 metrics and scoring
CWE classifications and weakness analysis
Affected products with CPE identifiers
Known exploits from multiple sources
EPSS risk scores and probability
Vendor advisories and patches
3. getTrendingCves - Real-Time Vulnerability Intelligence
Discover currently trending vulnerabilities based on activity and severity:
{
"limit": 25,
"timeframe": "7d",
"minSeverity": "MEDIUM"
}Trending Analysis:
Recently disclosed high-impact vulnerabilities
CVEs with increasing exploit activity
Vulnerabilities gaining security community attention
Active discussions and proof-of-concepts
4. calculateEpssScores - Environmental Risk Assessment
Calculate context-aware EPSS scores for vulnerability prioritization:
{
"cveIds": ["CVE-2021-44228", "CVE-2022-22965", "CVE-2023-23397"],
"environmentContext": {
"networkExposure": "internet-facing",
"assetCriticality": "critical",
"securityControls": ["waf", "ids", "edr"],
"patchingCapability": "rapid"
}
}Environment Contexts:
networkExposure: "internal", "dmz", "internet-facing"assetCriticality: "low", "medium", "high", "critical"securityControls: Array of deployed security measurespatchingCapability: "limited", "standard", "rapid"
5. generateCveReport - Professional Security Reports
Generate comprehensive vulnerability reports in multiple formats:
{
"cveIds": ["CVE-2021-44228", "CVE-2022-22965"],
"format": "markdown",
"includeExploits": true,
"includeMetrics": true,
"includeMitigation": true
}Report Formats:
markdown: Professional markdown reportsjson: Structured data for automationsummary: Executive summary format
Report Sections:
Executive summary with risk assessment
Detailed vulnerability analysis
Exploit availability and complexity
Recommended mitigation strategies
CVSS metrics and environmental scoring
6. searchByCpe - Product-Specific Vulnerability Discovery
Find vulnerabilities affecting specific products using CPE identifiers:
{
"cpe": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"severity": "HIGH,CRITICAL",
"hasExploit": true,
"limit": 50
}CPE Examples:
// Search for all Apache products
{
"cpe": "cpe:2.3:a:apache:*:*:*:*:*:*:*:*:*",
"severity": "CRITICAL"
}
// Windows Server vulnerabilities
{
"cpe": "cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*",
"hasExploit": true
}
// Specific version targeting
{
"cpe": "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*",
"includeExploits": true
}7. getSourceHealth - Data Source Monitoring
Monitor the health and availability of CVE data sources:
{
"includeMetrics": true,
"includeLastUpdated": true
}Health Metrics:
Source availability status
Response times and performance
Last successful data update
API rate limit status
Error rates and reliability
Command Line Interface
The server includes a comprehensive CLI for production deployment and testing:
Quick Start Commands
# Quick start with HTTP transport
npm start -- quick-start --port 3001
# Start with stdio transport (default MCP)
npm start -- --transport stdio
# Start with custom configuration
npm start -- --transport http --port 3001 --log-level debugConfiguration Management
# Show current configuration and environment
npm start -- configHealth Monitoring & Testing
# Basic health check via HTTP endpoint
curl http://localhost:3001/health
# Test via MCP tools
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'Docker Integration
# Generate Docker commands and deployment info
npm start -- docker --port 3001Advanced Options
# Custom transport and networking
npm start -- --transport http --port 3001 --host 0.0.0.0
# Set log level for debugging
npm start -- --transport http --log-level debug
# Help and available commands
npm start -- --helpPractical Usage Examples
Scenario 1: Security Assessment Workflow
# 1. Start the server for assessment
npm start -- quick-start --port 3001
# 2. Check source health
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'
# 3. Search for critical vulnerabilities in your stack
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "searchByCpe", "arguments": {"cpe": "cpe:2.3:a:apache:*:*:*:*:*:*:*:*:*", "severity": "CRITICAL"}}}'
# 4. Generate assessment report
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "generateCveReport", "arguments": {"cveIds": ["CVE-2021-44228"], "format": "markdown", "includeExploits": true}}}'Scenario 2: Threat Intelligence Research
# 1. Find trending vulnerabilities
npm start -- --transport http --port 3001
# 2. Research specific CVE with exploits
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "getCveDetails", "arguments": {"cveId": "CVE-2024-12345", "includeExploits": true}}}'
# 3. Calculate environmental risk
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "calculateEpssScores", "arguments": {"cveIds": ["CVE-2024-12345"], "environmentContext": {"networkExposure": "internet-facing", "assetCriticality": "critical"}}}}'Scenario 3: Penetration Testing Preparation
# Search for exploitable vulnerabilities in target technology
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "windows server 2019", "hasExploit": true, "severity": "HIGH,CRITICAL", "limit": 50}}}'
# Find recent RCE vulnerabilities
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "remote code execution", "dateStart": "2024-01-01", "hasExploit": true}}}'Configuration
Configure the server using environment variables or .env file:
MCP Client Configuration
To use this server with MCP-compatible clients (VS Code, Claude Desktop, etc.), you need to configure the client to connect to this server.
For VS Code:
Create a .vscode/mcp.json file in your workspace:
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"]
}
}
}Or for global configuration, run MCP: Open User Configuration in VS Code and add:
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"],
"env": {
"NVD_API_KEY": "${input:nvd-api-key}",
"GITHUB_TOKEN": "${input:github-token}"
}
}
},
"inputs": [
{
"type": "promptString",
"id": "nvd-api-key",
"description": "NVD API Key (optional)",
"password": true
},
{
"type": "promptString",
"id": "github-token",
"description": "GitHub Personal Access Token (optional)",
"password": true
}
]
}For Claude Desktop:
Add to your Claude Desktop configuration file (~/Library/Application Support/Claude/config.json on macOS):
{
"mcpServers": {
"cve-intelligence": {
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"],
"env": {
"NVD_API_KEY": "your-optional-nvd-api-key",
"GITHUB_TOKEN": "your-optional-github-token"
}
}
}
}For Docker Containers:
You can run the MCP server in a Docker container for enhanced security and isolation:
VS Code Configuration (STDIO Transport):
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"proug/mcp-cve-intelligence-server-lite:latest"
]
}
}
}VS Code Configuration (HTTP Transport):
{
"servers": {
"cve-intelligence": {
"url": "http://localhost:3001/mcp"
}
}
}Claude Desktop Configuration (STDIO Transport):
{
"mcpServers": {
"cve-intelligence": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"proug/mcp-cve-intelligence-server-lite:latest"
],
"env": {
"NVD_API_KEY": "your-optional-nvd-api-key",
"GITHUB_TOKEN": "your-optional-github-token"
}
}
}
}Claude Desktop Configuration (HTTP Transport):
{
"mcpServers": {
"cve-intelligence": {
"command": "docker",
"args": [
"run",
"-d",
"--rm",
"-p", "3001:3001",
"-e", "MCP_TRANSPORT_TYPE=http",
"-e", "MCP_HTTP_PORT=3001",
"-e", "MCP_HTTP_HOST=0.0.0.0",
"-e", "NVD_API_KEY=your-optional-nvd-api-key",
"-e", "GITHUB_TOKEN=your-optional-github-token",
"proug/mcp-cve-intelligence-server-lite:latest"
]
}
}
}Docker Compose (Production Ready):
Use the provided docker-compose.yml for production deployments:
# Start with HTTP transport on port 13001
./docker-run.sh up
# Server available at: http://localhost:13001
# Health check: http://localhost:13001/health/liveNote: When using Docker, the MCP server runs in an isolated container. The Docker image is available from Docker Hub:
# Pull the latest image docker pull proug/mcp-cve-intelligence-server-lite:latest # Or build locally from source: docker build -t mcp-cve-intelligence-server-lite:local .
For Custom Implementations:
Start the server in stdio mode and connect via standard input/output:
# Start server in stdio mode (default)
npx mcp-cve-intelligence-server-lite
# Or start in HTTP mode
npx mcp-cve-intelligence-server-lite --transport http --port 3001Basic Configuration
# Core server settings
export MCP_HTTP_PORT="3001"
export MCP_TRANSPORT="http" # or "stdio"
export LOG_LEVEL="info" # debug, info, warn, error
export NODE_ENV="production" # development, production, testAPI Authentication (Enhanced Functionality)
# NVD API (NIST) - Higher rate limits
export NVD_API_KEY="your-nvd-api-key"
# GitHub API - Higher rate limits for security advisories
export GITHUB_TOKEN="your-github-personal-access-token"
# MITRE CVE Program - Requires CVE Program membership
export MITRE_API_KEY="your-mitre-api-key"
export MITRE_API_ORG="your-organization-name"
export MITRE_API_USER="your-username"Security Note: API keys and tokens are only accepted via environment variables for security reasons. They cannot be provided via CLI arguments.
Advanced Configuration
# Rate limiting and performance
export CVE_CACHE_TTL="1800" # Cache TTL in seconds
export CVE_CACHE_MAX_SIZE="1000" # Maximum cache entries
export CVE_REQUEST_TIMEOUT="30000" # Request timeout in ms
export CVE_RETRY_ATTEMPTS="3" # Retry attempts for failed requests
# Security settings
export CVE_CORS_ORIGIN="*" # CORS allowed origins
export CVE_API_KEY_REQUIRED="false" # Require API key for access
export CVE_RATE_LIMIT="100" # Requests per window
export CVE_RATE_WINDOW="3600" # Rate limit window in seconds
# Logging and monitoring
export LOG_FILE_PATH="/app/logs" # Log file directory
export LOG_MAX_FILES="30" # Maximum log files to keep
export LOG_MAX_SIZE="100mb" # Maximum log file size
export METRICS_ENABLED="true" # Enable performance metricsEnvironment File Example
Create a .env file in your project root:
# .env file for MCP CVE Intelligence Server Lite
NODE_ENV=development
MCP_HTTP_PORT=3001
LOG_LEVEL=debug
# API Keys (optional but recommended)
NVD_API_KEY=your-nvd-api-key-here
GITHUB_TOKEN=ghp_your-github-token-here
# Performance tuning
CVE_CACHE_TTL=3600
CVE_REQUEST_TIMEOUT=30000
CVE_RETRY_ATTEMPTS=3
# Security
CVE_CORS_ORIGIN=http://localhost:3000,https://yourdomain.com
CVE_RATE_LIMIT=200
CVE_RATE_WINDOW=3600Docker Environment Configuration
# docker-compose.yml environment section
environment:
- NODE_ENV=production
- MCP_HTTP_PORT=3001
- LOG_LEVEL=info
- NVD_API_KEY=${NVD_API_KEY}
- GITHUB_TOKEN=${GITHUB_TOKEN}
- CVE_CACHE_TTL=1800
- CVE_RATE_LIMIT=100Authentication Details
Source | Authentication | Required For | Setup |
NVD | Optional API key | Higher rate limits |
|
GitHub | Optional token | Higher rate limits |
|
MITRE | CVE Program membership | Search functionality |
|
Note: MITRE search requires CVE Program membership with Secretariat role. Individual CVE lookups work without authentication. 📋 For Docker-specific configuration and deployment options, see docs/DOCKER.md
🏗️ Architecture (Lite Edition)
Core Components
CVE Service: Central intelligence engine for vulnerability analysis
Source Manager: Manages multiple CVE data sources with failover
Transport Manager: Handles both STDIO and HTTP transport protocols
Health Service: Monitors data source availability and performance
Exploit Intelligence: Pattern-based exploit discovery and classification
Data Sources (Lite Configuration)
Source | Purpose | Features | Authentication |
NVD (NIST) | Primary CVE database | CVSS metrics, CPE matching, essential search | Optional (API key) |
MITRE | Authoritative CVE records | Official assignments, CWE mappings, CVE JSON 5.1 | CVE Program membership |
GitHub Security | Modern vulnerability advisories | GHSA identifiers, ecosystem-specific data | Optional (token) |
Exploit Sources (Lite Pattern Detection)
Exploit-DB: Verified exploits with detailed documentation and proof-of-concepts
GitHub PoCs: Cutting-edge research and proof-of-concept repositories
Metasploit Framework: Professional penetration testing modules and exploits
PacketStorm Security: Curated security exploits and security advisories
🔧 Development
Quick Development Setup
# Clone and setup
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite
npm install
# Build and run
npm run build
npm start📋 For detailed development workflow, debugging, testing procedures, and contribution guidelines, see CONTRIBUTING.md
📊 Performance Features (Lite Edition)
Essential Caching: Smart caching reduces API calls and improves response times
Streamlined Processing: Optimized source queries for faster results
Retry Logic: Exponential backoff with circuit breaker for reliable API communication
Request Optimization: Prevents duplicate API calls within time windows
Performance Monitoring: Built-in timing, metrics collection, and health checks
Connection Management: Efficient HTTP connection handling
Rate Limiting: Source-specific throttling respecting API limits and quotas
🔒 Security Considerations
Input Validation: Comprehensive Zod schema validation for all inputs
Sanitization: Multi-layer input sanitization preventing injection attacks
Rate Limiting: Request throttling with client identification and blocking
Error Handling: Secure error messages without sensitive data exposure
Type Safety: Strict TypeScript implementation preventing runtime errors
API Key Management: Secure environment variable handling with validation
Transport Security: HTTPS enforcement and secure headers
Session Management: Secure session handling for HTTP transport
🌟 Use Cases (Lite Edition)
For Security Professionals
Vulnerability Assessment: Essential CVE research and analysis
Threat Intelligence: Real-time vulnerability trending and prioritization
Penetration Testing: Exploit discovery and pattern analysis
Compliance Reporting: Professional vulnerability reports
For AI/LLM Integration
Context-Aware Security: Provide vulnerability context to AI models
Automated Research: Enable AI-driven security research workflows
Intelligent Prioritization: AI-assisted vulnerability triage
Report Generation: Automated security documentation
🤝 Contributing
We welcome contributions! Please see our Contributing Guide for details on:
Setting up the development environment
Code style guidelines
Submitting pull requests
Reporting bugs and feature requests
🛡️ Security
This project follows security best practices:
Responsible Disclosure: See our Security Policy for reporting vulnerabilities
Secure Development: All releases go through automated security scanning and approval processes
Access Control: Repository access is restricted to verified maintainers
Audit Trail: All production deployments are tracked and require approval
For security concerns, please see our Security Policy.
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙋♂️ Support
GitHub Issues: Report bugs or request features
GitHub Discussions: Community discussions and questions
Documentation: Check the inline code documentation for API details
🏆 Credits
NIST NVD: Primary vulnerability database
MITRE Corporation: CVE numbering authority
GitHub Security: Modern security advisory platform
Model Context Protocol: AI integration framework
Built with ❤️ for the cybersecurity community
MCP CVE Intelligence Server Lite - Essential CVE intelligence for security professionals
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/gnlds/mcp-cve-intelligence-server-lite'
If you have feedback or need assistance with the MCP directory API, please join our Discord server