"A search for information on Common Vulnerabilities and Exposures (CVE)" matching MCP tools:

• cve_search

  ContrastAPI

  Search CVE database with filters: product/vendor, severity, published date range, EPSS score, CWE, CVSS range, CISA KEV status. Default response is SLIM per-result (cve_id, summary, severity, cvss_v3, cwe_id, epss, kev, total_products, published, modified, sources) — pass include='full' for description, cvss_breakdown, affected_products, references, first_seen_*. Verdict (sources_queried, falsifiable_fields, completeness, data_age) is at the response root — applies to the whole batch, not per-row. Product/vendor filters are EXACT NVD-canonical-token matches (not the common name — e.g. nginx is 'nginx_open_source'/'nginx_plus', vendor 'f5'); a low/zero count for a well-known product means the token differs, so for dependency/package lists use check_dependencies and for a domain's whole stack tech_stack_cve_audit (both auto-normalize tokens). Use for vulnerability discovery by criteria; pass cwe_id (e.g. CWE-79) to enumerate every CVE in our database mapped to a weakness — pair with cwe_lookup for the category description and mitigations. Use cve_lookup for single CVE by ID, kev_detail when kev=true filtering and the agent needs federal patch deadlines per result. Response carries a global hint pointing at cve_lookup — drill into any returned cve_id for full detail and chained pivots (exploit_lookup, kev_detail, cwe_lookup). Free: 30/hr, Pro: 500/hr. Returns {count, total, truncated, offset, summary, results, query_echo, next_offset, verdict, hint}.

  Connector

• kev_detail

  ContrastAPI

  Look up CISA KEV (Known Exploited Vulnerabilities) full record for a CVE. Returns federal patch deadline (due_date), CISA-specified required_action remediation, known ransomware association, vendor/product, the CISA-given common name (e.g. 'Log4Shell'), CISA-reported CWE list, plus lifecycle metadata: date_updated (when CISA last revised the entry), date_removed (set when CISA removed the CVE from the catalog — null while still active), and updated_at (our DB sync freshness). Returns 404 when the CVE is not in the KEV catalog — use cve_lookup for non-KEV CVEs. Best follow-up after cve_lookup or cve_search(kev=true) when an in_kev=true CVE is identified; chain with cwe_lookup on each returned CWE to investigate the weakness category. Free: 30/hr, Pro: 500/hr. Returns {cve_id, vendor_project, product, vulnerability_name, date_added, due_date, required_action, known_ransomware_use, notes, cwes, date_updated, date_removed, updated_at, verdict, next_calls}.

  Connector

• bulk_cve_lookup

  ContrastAPI

  Batch query multiple CVEs (up to 50 per call, same for Free and Pro): retrieve full CVE details for all in 1 request instead of N. By default each CVE's affected_products is truncated to the first 20 entries (total_products reports honest count) and references to the first 10 (total_references reports honest count); pass include_affected_products=true / include_full_references=true to return full lists. Pass include_reference_tags=true to receive references_full=[{url, tags, source}] per CVE in the batch. Pass include_severity_breakdown=true to receive severity_sources/consensus/disagreement per CVE. Use for dependency audits or bulk vulnerability enrichment; use cve_lookup for single CVE. Each successful item carries next_calls — chain with kev_detail (when kev.in_kev=true), cwe_lookup (when cwe_id is present), or exploit_lookup. Free: 30/hr (1 per item), Pro: 500/hr. Returns {results, total, successful, failed, timed_out, partial, summary}.

  Connector

• check_injection

  ContrastAPI

  Scan source code for injection vulnerabilities: SQL injection, command injection, path traversal via unsafe string concatenation/unsanitized input. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect input-handling bugs; for secrets use check_secrets. Companion code-security tools: check_secrets (hard-coded credential detection), check_dependencies (known-CVE vulnerability audit), check_headers (live HTTP security-header validation), scan_headers (live HTTP scan via domain). Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored.

  Connector

• check_dependencies

  ContrastAPI

  Audit project dependencies (npm/PyPI/Maven/RubyGems/etc.) against CVE database: find known vulnerabilities in your package list. Bulk query up to 50 packages per call (same for Free and Pro). Use for dependency security scanning; use cve_lookup for single CVE. Free: 30/hr (1 per package), Pro: 500/hr. Returns {findings, total, by_severity, summary}. Each finding includes fixed_in (first patched version per NVD/MITRE version range) when a version range matched — omitted from wire when the range is open-ended or no input version was supplied; remediation copy then says 'Check if ... is affected ... and upgrade if so' instead of 'Upgrade to X.Y.Z or later'.

  Connector

• osv_query_package

  osv-advisory-mcp-server

  Query known vulnerabilities for a single package version across any supported ecosystem. Returns all matching OSV advisories with severity (CVSS vectors), CVE aliases, affected version ranges, and first safe version. Use osv_list_ecosystems to validate the ecosystem string before querying — ecosystem strings are case-sensitive exact matches and an invalid value returns an error, not empty results.

  Connector

• security_fetch_cve_epss

  DataNexus MCP

  EPSS exploit probability score for a CVE — predicts likelihood of exploitation in the next 30 days. cve_id: CVE identifier e.g. "CVE-2021-44228". Returns: epss (float 0.0–1.0) and percentile (float 0.0–100.0). Thresholds: >0.7 patch immediately, 0.3–0.7 patch soon, <0.3 monitor. Use with security_fetch_cve_detail to prioritize patching — EPSS measures urgency, CVSS measures severity. Source: FIRST.org. 6-hour cache. Example: fetch_cve_epss(cve_id="CVE-2021-44228")

  Connector

• search_exploits

  Exploit Intelligence Platform — CVE, Vulnerability and Exploit Database

  Browse and filter exploits using STRUCTURED FILTERS ONLY (no free-text query). Use this to filter by source (github, metasploit, exploitdb, nomisec, gitlab, inthewild, vulncheck_xdb, patchapalooza, oscs, poc_monitor), language (python, ruby, etc.), LLM classification (working_poc, trojan, suspicious, scanner, stub, writeup, tool, no_code), author, min stars, code availability, CVE ID, vendor, or product. Also filter by AI analysis: attack_type (RCE, SQLi, XSS, DoS, LPE, auth_bypass, info_leak), complexity (trivial/simple/moderate/complex), reliability (reliable/unreliable/untested/theoretical), requires_auth. NOTE: To search by product name (e.g. 'OpenSSH', 'Apache'), use search_vulnerabilities instead — it has free-text query and get_vulnerability already includes exploits in the response. Examples: source='metasploit' for all Metasploit modules; attack_type='RCE' with reliability='reliable' for weaponizable RCE exploits; cve='CVE-2024-3400' for all exploits targeting a specific CVE; vendor='mitel' for all Mitel exploits.

  Connector

• general_search

  Nansen

  General search tool. This is your FIRST entry point to look up for possible tokens, entities, and addresses related to a query. Do NOT use this tool for prediction markets. For Polymarket names, topics, event slugs, or URLs, use `prediction_market_lookup` instead. Nansen MCP does not support NFTs, however check using this tool if the query relates to a token. Regular tokens and NFTs can have the same name. This tool allows you to: - Check if a (fungible) token exists by name, symbol, or contract address - Search information about a token - Current price in USD - Trading volume - Contract address and chain information - Market cap and supply data when available - Search information about an entity - Find Nansen labels of an address (EOA) or resolve a domain (.eth, .sol)

  Connector

• fetch

  FTIR.fun Spectral Search

  Fetch a specific public FTIR analysis result by ID. USE WHEN: - User provides a result ID (e.g., "result:12345" or "12345") - Following up on search to get full details - User shares a result number and wants details DO NOT USE: - For searching by keyword (use search) - For analyzing new spectra (use search_ftir_library) INPUT: - id: result identifier in format "result:<number>" or just "<number>" OUTPUT: - id: canonical result ID - url: direct link to result page - title: result headline - text: analysis summary - report_view: detailed analysis data - metadata: additional information EXAMPLE: >>> fetch(id="result:12345") >>> fetch(id="12345")

  Connector

• slovenia-cadastral-deep

  geoagentic

  Deep parcel and building analysis for Slovenia using GURS WFS data. Returns zoning, actual use, heritage protection, road access, buildings on parcel, and utilities. USE FOR: - "Analyze parcel 3086 in Ljubljana center" - "Find buildable parcels ~500m² in Ljubljana" - "What buildings are on this parcel?" - "Find parcels near these coordinates" - "Get full details on building 1234" NOT FOR: simple parcel lookup → use slovenia-cadastre instead (faster, lighter). NOT FOR: spatial/zoning map queries → use slovenia-wfs-expert instead. SEARCH MODES — pick ONE per call: 1. PARCEL BY NUMBER (requires --parcel AND --ko) → --parcel 3086 --ko 1725 2. LOCATION SEARCH (requires --lat AND --lon, or --location) → --lat 46.058 --lon 14.501 --radius 100 → --location "Tivoli Park Ljubljana" --radius 200 3. BUILDING BY NUMBER (requires --building, optionally --ko) → --building 1234 --ko 1728 4. COMMUNITY SEARCH (requires at least --community or --size) → --community LJUBLJANA --size 500 --buildable COMMON KO IDs: 1725 = Ljubljana center 1728 = Ljubljana Šiška 1740 = Ljubljana Bežigrad 2131 = Maribor NOTE: This tool makes multiple WFS calls per result and can be slow (10-30s). Use --limit to keep response times reasonable.

  Connector

• query_cves

  Fillin

  Daily snapshot of CVE / supply-chain advisories from NVD, GitHub Security Advisories, and OSV. Use before merging dependency updates, when triaging an alert, or when a user asks "is package X compromised". Each result row carries a structured `affected` list (one entry per affected package: ecosystem, name, vulnerable_range, patched_range) and a numeric `severity_score` (CVSS baseScore, nullable on OSV-only rows). A buyer can act on the returned row — pin to `patched_range` — without a second hop to NVD or GHSA.

  Connector

• general_search

  Nansen

  General search tool. This is your FIRST entry point to look up for possible tokens, entities, and addresses related to a query. Do NOT use this tool for prediction markets. For Polymarket names, topics, event slugs, or URLs, use `prediction_market_lookup` instead. Nansen MCP does not support NFTs, however check using this tool if the query relates to a token. Regular tokens and NFTs can have the same name. This tool allows you to: - Check if a (fungible) token exists by name, symbol, or contract address - Search information about a token - Current price in USD - Trading volume - Contract address and chain information - Market cap and supply data when available - Search information about an entity - Find Nansen labels of an address (EOA) or resolve a domain (.eth, .sol)

  Connector

• dependency_vulnerability_scan

  gapup-mcp

  SCA (Software Composition Analysis) — scans a project dependency manifest and returns known vulnerabilities for each dependency. Supports: package.json (npm), requirements.txt (Python), go.mod (Go), Cargo.toml (Rust), composer.json (PHP), Gemfile.lock (Ruby), CycloneDX SBOM JSON. PRIMARY source: OSV.dev (keyless, free, covers npm/PyPI/Go/crates.io/Packagist/RubyGems + GHSA advisories federated). CVSS enrichment: NVD NIST (when OSV lacks score). Exploitation flag: CISA KEV (known-exploited-vulnerabilities catalog). Returns per-vuln CVE/GHSA IDs, severity, CVSS score, fixed version, and actionable upgrade recommendations. Relevant for EU NIS2 supply chain risk obligations, DORA, SOC 2 vendor assessments. Cache TTL 6h. Parallel OSV queries (concurrency=10). SLA <=30s p95.

  Connector

• vulnerabilities

  Osv Dev

  Find vulnerabilities affecting a package — optionally narrowed to a specific version, or alternatively by git commit hash. Pass package_name + ecosystem (npm / PyPI / Maven / NuGet / RubyGems / crates.io / Packagist / Hex / Pub / Go / Debian / Alpine / Ubuntu / Linux). Returns shaped vuln list with severity_level, affected_summary (introduced→fixed ranges), aliases, references, advisory_url. Use for "is lodash 4.17.4 safe", "what hits requests<2.20", "every CVE for log4j".

  Connector

• calculate_risk_score

  ContrastAPI

  Composite CVE risk score (0-100) — fuses CVSS, EPSS, KEV, and PoC into a single agent-ready triage signal. Formula: CVSS*0.20 + EPSS*0.35 + KEV*0.30 + PoC*0.15 (each component rescaled to 0-100 before weighting). Multiplicative boosters applied in order: KEV+PoC combo (*1.15), critical-severity-with-high-EPSS (CVSS>=9 AND EPSS>0.7, *1.10), recently published (within last 7 days, *1.05). Final score clamped to [0, 100]. Label bands: CRITICAL>=90, HIGH>=70, MEDIUM>=40, LOW<40. Urgency text encodes patch SLA (immediate when KEV; 24h/72h/30d by label). Use to triage a single CVE without orchestrating cve_lookup + exploit_lookup separately. PoC signal here is the local ExploitDB mirror only — for full multi-source exploit detail (GitHub Advisory + Shodan refs + ExploitDB), call exploit_lookup separately. Methodology adapted from mukul975/cve-mcp-server (Apache-2.0): https://github.com/mukul975/cve-mcp-server. Free: 30/hr, Pro: 500/hr. Returns {cve_id, score (0-100), label (CRITICAL/HIGH/MEDIUM/LOW), urgency, has_public_poc, components (cvss_v3, epss_score, in_kev, has_public_poc, weighted_breakdown), boosters_applied, recommendation, summary, verdict, next_calls}.

  Connector

• scan_skill

  SecurityScan

  Scan a GitHub repository or skill URL for security vulnerabilities. This tool performs static analysis and AI-powered detection to identify: - Hardcoded credentials and API keys - Remote code execution patterns - Data exfiltration attempts - Privilege escalation risks - OWASP LLM Top 10 vulnerabilities Requires a valid X-API-Key header. Cached results (24h) do not consume credits. Args: skill_url: GitHub repository URL (e.g., https://github.com/owner/repo) or raw file URL to scan Returns: ScanResult with security score (0-100), recommendation, and detected issues. Score >= 80 is SAFE, 50-79 is CAUTION, < 50 is DANGEROUS. Example: scan_skill("https://github.com/anthropics/anthropic-sdk-python")

  Connector

• security_fetch_cisa_kev

  DataNexus MCP

  Check whether a CVE is in the CISA Known Exploited Vulnerabilities (KEV) catalog. Read-only. No side effects. Idempotent. cve_id: CVE identifier in format CVE-YYYY-NNNNN e.g. CVE-2021-44228. Required. Returns in_kev (bool), date_added, due_date, ransomware_use, and notes from the CISA KEV catalog. KEV status answers 'Is this being actively exploited?' — a critical triage question not available in NIST NVD. Verified source: CISA KEV catalog (updated daily, cached). Use security_fetch_cve_detail for full CVE severity. Use security_fetch_cve_epss for exploit probability. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_fetch_cisa_kev", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".

  Connector

• security_fetch_package_vulnerabilities

  DataNexus MCP

  Fetch all known CVEs for an open source package version or a batch of packages. Read-only. No side effects. Idempotent. Single-package mode: package (e.g. requests), version (e.g. 2.28.0), ecosystem (PyPI/npm/Maven/Go/Cargo/NuGet/RubyGems). Batch mode: packages array of {name, version, ecosystem} objects — max 50 per call. If packages array is provided and non-empty, batch mode is used and package/version/ecosystem are ignored. Batch returns {results: [...], partial: bool, failed_count: int}. Each result has vuln_count and vulnerabilities list. Returns CVE ID, severity, CVSS score, affected range, and fixed version. Use security_fetch_cve_detail for full detail by CVE ID. Use security_audit_sbom_vulnerabilities for SBOM files. Verified source: Google OSV.dev. 1-hour cache. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_fetch_package_vulnerabilities", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".

  Connector

• security_fetch_cve_risk_summary

  DataNexus MCP

  Instant CVE risk verdict. Combines CVSS severity, CISA KEV exploitation status, and EPSS probability in one parallel call. Returns CRITICAL_EXPLOIT, HIGH_RISK, MODERATE, LOW, or UNKNOWN verdict with patch availability from vendor advisories. UNKNOWN means all upstream sources were unreachable — not that risk is low. Rate limit: 60/minute. No auth required. For security engineers triaging vulnerabilities after fetch_cve_watch fires. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_fetch_cve_risk_summary", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".

  Connector