Search the CVE database with filters. Returns matching vulnerabilities with CVSS scores, EPSS exploit probability, and KEV status. Common queries: - Critical CVEs this week: severity=CRITICAL, days=7 - Actively exploited: kev=true - Most exploitable nginx CVEs: product=nginx, sort=epss_desc - High-risk CVEs (EPSS>50%): epss_min=0.5, sort=epss_desc Returns: count (returned), total (matching), truncated (true = more pages available, use offset), results array. For a specific CVE ID, use cve_lookup instead.

Search the Exploit Intelligence Platform for vulnerabilities (CVEs). Returns a list of matching CVEs with CVSS scores, EPSS exploitation probability, exploit counts, CISA KEV status, VulnCheck KEV, InTheWild.io exploitation signals, and ransomware attribution. Supports full-text search, severity/vendor/product/ecosystem/CWE filters, CVSS/EPSS thresholds, plus any_exploited and ransomware filters. When sort is omitted, the API may automatically prefer newest exploitation, exploit, or nuclei-template activity based on the filters you set. Examples: query='apache httpd' with has_exploits=true; vendor='fortinet' with severity='critical' and is_kev=true sorted by epss_desc; any_exploited=true with ransomware=true for ransomware-linked CVEs; cwe='89' with min_cvss=9 for critical SQL injection CVEs.

List CWE (Common Weakness Enumeration) categories ranked by vulnerability count. Returns CWE IDs, names, short labels, exploit likelihood, and how many CVEs have that weakness. Use this when asked 'what are the most common vulnerability types?'

Audit a technology stack for exploitable vulnerabilities. Accepts a comma-separated list of technologies (max 5) and searches for critical/ high severity CVEs with public exploits for each one, sorted by EPSS exploitation probability. Use this when a user describes their infrastructure and wants to know what to patch first. Example: technologies='nginx, postgresql, node.js' returns a risk-sorted list of exploitable CVEs grouped by technology. Rate-limit cost: each technology requires up to 2 API calls; 5 technologies counts as up to 10 calls toward your rate limit.

List CVEs that ContrastAPI indexed from MITRE/GHSA BEFORE NVD has published them. These are early-warning vulnerabilities — we have the data, NVD doesn't yet. Use this to find the freshest, most actionable CVEs that other tools miss. Returns the same format as cve_search: count, total, truncated, offset, results array. Each result includes sources and first_seen_source fields showing which upstream (mitre/ghsa) first reported it.

Get practical tips before using an MCP service. Returns auth setup, common pitfalls, workarounds from other agents, and reliability data. Like checking restaurant reviews before visiting.