Vulners MCP Server
OfficialClick on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Vulners MCP ServerFind recent vulnerabilities in Google Chrome"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Vulners MCP Server
Vulners MCP is a Model Context Protocol (MCP) server that provides seamless access to the Vulners vulnerability database through AI assistants like Claude Desktop. It enables security researchers and developers to query comprehensive vulnerability data, search for CVEs, analyze security bulletins, and audit software packages directly through natural language conversations.
Features
AI Assistant Integration: Works natively with Claude Desktop and other MCP-compatible clients
Dual Transport Support: Automatically detects and supports both stdio (for Claude Desktop) and HTTP transports
Comprehensive Tools: 7 MCP tools for vulnerability research including:
Full-text Lucene search across 4M+ vulnerability bulletins
CVE and bulletin information retrieval
Software/package vulnerability auditing
CPE search and autocomplete
Linux package vulnerability auditing
Flexible Deployment: Docker, local build, or PyPI installation
Environment-based Configuration: Simple setup via environment variables
Related MCP server: Exploit Intel Platform MCP Server
Table of Contents
Requirements
Python 3.9+
Access to the Vulners API (valid API key and network connectivity)
(For Docker) Docker engine
Obtaining Vulners API Key
Please, register at Vulners website. Go to the personal menu by clicking at your name at the right top corner. Follow "API KEYS" tab. Generate API key with scope "api" and use it with the library.
Quick Start with Claude Desktop
The easiest way to use Vulners MCP is through Claude Desktop:
1. Build the Docker Image
git clone https://github.com/vulnersCom/vulners-mcp.git
cd vulners-mcp
docker build -t vulners-mcp:latest .2. Configure Claude Desktop
Add to your Claude Desktop configuration file:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
Linux: ~/.config/Claude/claude_desktop_config.json
{
"mcpServers": {
"vulners": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"VULNERS_API_KEY=YOUR_API_KEY_HERE",
"vulners-mcp:latest"
]
}
}
}Replace YOUR_API_KEY_HERE with your actual Vulners API key.
3. Restart Claude Desktop
After saving the configuration, restart Claude Desktop. The Vulners MCP server will be available through the 🔌 icon.
4. Start Using
You can now ask Claude questions like:
"Find recent vulnerabilities in Google Chrome"
"Show me details for CVE-2025-53770"
"What are recent exploted vulnerabilities in Citrix products"
"Audit this software: cpe:2.3:a:google:chrome:138.0.7204.184:::::::*"
"Audit ubuntu 22.04 packages 'openssl 3.0.2 amd64' and 'curl 7.81.0-1ubuntu1.14 amd64'"
Installation & Deployment
Docker with run script
For easy HTTP mode deployment, use the provided run script:
# Create .env file with your API key
echo "VULNERS_API_KEY=your_api_key_here" > .env
# Run the server
./run-docker.shThe server will start in HTTP mode at http://0.0.0.0:8000/mcp
Docker (manual)
Run the MCP server in HTTP mode:
docker run -d \
--name vulners-mcp-http \
-e MCP_TRANSPORT_MODE="http" \
-e VULNERS_BASE_URL="https://vulners.com" \
-e VULNERS_API_KEY="your_api_key" \
-p 8000:8000 \
vulners-mcp:latestFor Claude Desktop (stdio mode), the -i flag is used instead:
docker run -i --rm \
-e VULNERS_API_KEY="your_api_key" \
vulners-mcp:latestBuild & run locally
git clone https://github.com/vulnersCom/vulners-mcp.git
cd vulners-mcp
poetry install
export VULNERS_API_KEY="your_api_key"
poetry run python -m vulners_mcpConfiguration / Environment Variables
Variable | Type | Default | Description |
| string | required | API key for authenticating with Vulners |
| string |
| Base URL for the Vulners API (without /api suffix) |
| string |
| Force transport mode: |
| string |
| Host/interface on which MCP server binds (HTTP mode only) |
| integer |
| Port for MCP server (HTTP mode only) |
| string |
| Path for the streamable MCP endpoint (HTTP mode only) |
Transport Mode:
The server automatically detects the transport mode based on how it's run
Use
MCP_TRANSPORT_MODE=httpto explicitly force HTTP mode (for standalone HTTP server)Claude Desktop uses stdio mode automatically when run with
docker run -i
Usage & Endpoints
With Claude Desktop
Simply ask questions in natural language:
"Search for Apache vulnerabilities"
"Get information about CVE-2024-1234"
"Audit software cpe:/a:vendor:product:version"
HTTP Mode
When running in HTTP mode, clients connect to:
http://<FASTMCP_HOST>:<FASTMCP_PORT>/mcpDefault: http://0.0.0.0:8000/mcp
Testing
Test the HTTP server using the provided test script:
# Ensure the HTTP server is running
docker ps | grep vulners-mcp
# Run the test script
python3 test_tools.pyThe test script will:
Check server health
Initialize MCP protocol
List available tools
Test CVE search functionality
Test Lucene search
Available Tools
The server provides 7 MCP tools for vulnerability research:
Search & Discovery
search_lucene - 🔍 DISCOVERY TOOL FOR UNKNOWN VULNERABILITIES 🔍 Full-text search in Vulners Knowledge Base using Lucene syntax. Use ONLY when you don't have specific IDs or version information. NEVER use for known CVE/bulletin IDs - use bulletin_by_id instead. NEVER use for specific software versions (e.g., 'Chrome 138.0.7204.184') - use audit_software instead. 🚨 CRITICAL: For vendor/product searches, ALWAYS use cnaAffected.vendor and cnaAffected.product fields - the affectedSoftware field does NOT exist.
bulletin_by_id - 🚨 PRIMARY TOOL FOR KNOWN IDs 🚨 Fetch full bulletin by CVE or Vulners ID. Use this when you have a specific identifier like CVE-2024-1234, RHSA-2024:001, CTX694938, etc. Supports single ID or list of IDs. When list is provided, references are automatically set to False. NEVER use search_lucene for known IDs.
query_autocomplete - Autocomplete helper for search inputs (vendors, products, CVEs, etc.). Get search suggestions from the Vulners database.
search_cpe - Find CPE strings by vendor+product (latest schema). Search for Common Platform Enumeration identifiers in the Vulners database.
Vulnerability Auditing
audit_software - 🔍 VERSION-SPECIFIC SOFTWARE AUDIT 🔍 Audit specific software versions for known vulnerabilities. Use this when you have exact software version information (e.g., Chrome 138.0.7204.184). NEVER use search_lucene for version-specific software audits.
audit_linux_packages - Linux package audit (RPM/DEB) for a given distro + version. Analyze Linux package vulnerabilities against the Vulners database.
Information & System Support
get_supported_os - List supported OS identifiers/versions for Linux package audit. Get available operating systems for vulnerability analysis.
Tool Selection Guidelines
🚨 CRITICAL TOOL SELECTION RULES 🚨
WHEN TO USE EACH TOOL
bulletin_by_id: Use when you have SPECIFIC IDs
✅ "Analyze CVE-2025-7775" → bulletin_by_id
✅ "Look up CTX694938" → bulletin_by_id
✅ "Tell me about CVE-2021-44228" → bulletin_by_id
✅ Any specific CVE, RHSA, MS, CTX, NCSC, THN, etc. ID
search_lucene: Use ONLY for DISCOVERY when you don't have specific IDs
✅ "Find vulnerabilities in Apache" → search_lucene
✅ "Show me recent CVEs" → search_lucene
✅ "What vulnerabilities exist in Chrome?" → search_lucene
❌ NEVER use for known IDs - use bulletin_by_id instead
audit_software: Use for VERSION-SPECIFIC software audits
✅ "Audit Chrome 138.0.7204.184" → audit_software
✅ "Check vulnerabilities in Firefox 120.0" → audit_software
✅ Use when you have vendor + product + version information
❌ Don't use for vendor + product only (use search_lucene instead)
EFFICIENCY RULE: One bulletin_by_id call is sufficient for known IDs. Do NOT follow up with search_lucene unless explicitly asked to broaden scope.
Follow-up Workflow for Audit Tools
When using audit tools (audit_software, audit_linux_packages)
✅ Run the audit tool to identify vulnerable software and get CVE IDs
✅ Extract CVE IDs from the response vulnerabilities array
✅ Use
bulletin_by_idwith the list of CVE IDs for detailed analysis✅ This provides comprehensive vulnerability information including patches, references, and exploitation data
✅ Batch processing with
bulletin_by_idis more efficient than multiple individual calls
For detailed tool documentation and parameters, use Claude's tool inspection or check the server's tool list.
Development & Contributing
Open issues or feature requests on GitHub
Submit pull requests with improvements
Ensure compatibility with the Vulners API
Test both stdio (Claude Desktop) and HTTP modes
Building from Source
git clone https://github.com/vulnersCom/vulners-mcp.git
cd vulners-mcp
docker build -t vulners-mcp:latest .License
MIT
MCP Name: io.github.vulnersCom/vulners-mcp
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/vulnersCom/vulners-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server