cve-mcp-server  by mukul975

Production-grade AI security intelligence server

Created 2 weeks ago

281 stars

Top 92.6% on SourcePulse

Project Summary

Summary

This project provides a production-grade Model Context Protocol (MCP) server that integrates 27 security intelligence tools across 21 APIs, transforming AI models like Claude into comprehensive security analysts. It addresses the inefficiency of manually correlating data from disparate sources (NVD, EPSS, CISA KEV, Shodan, VirusTotal, etc.) for CVE triaging. The server enables users to query security information through natural language, receiving correlated intelligence and actionable risk assessments, significantly reducing analysis time for security professionals.

How It Works

The CVE MCP Server acts as a backend for AI assistants, exposing 27 distinct security tools via the Model Context Protocol (MCP). It leverages an asynchronous HTTP client (httpx) to query numerous external security APIs in parallel. Key architectural choices include a composite risk engine that calculates a weighted risk score (0-100) based on CVSS, EPSS, CISA KEV status, and Proof-of-Concept (PoC) availability. Local SQLite caching optimizes repeated queries, and all tool invocations are logged for auditability. This approach centralizes complex data retrieval and analysis into a single, AI-accessible interface.
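An added example (not code from cve-mcp-server) of a composite score of the kind described above, folding CVSS v3.1, EPSS, CISA KEV status and PoC availability into a 0-100 value. The weights, the CveSignals type and the handling of a missing EPSS value are assumptions made here; the page does not state the project's weighting.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed weights (points out of 100); illustrative, not the project's values.
WEIGHTS = {"cvss": 40, "epss": 30, "kev": 20, "poc": 10}

@dataclass
class CveSignals:  # hypothetical container for the four inputs
    cve_id: str
    cvss_v31: Optional[float]  # base score 0.0-10.0, None if not yet assigned
    epss: Optional[float]      # probability 0.0-1.0, None if not yet published
    in_kev: bool               # listed in CISA KEV
    poc_public: bool           # public proof-of-concept known

def composite_risk(s: CveSignals) -> dict:
    """Weighted 0-100 score. Inputs that are absent are left out and the
    remaining weights renormalised, so a missing EPSS value is reported as
    missing instead of silently counting as 'no exploitation likelihood'."""
    parts = {"kev": float(s.in_kev), "poc": float(s.poc_public)}
    if s.cvss_v31 is not None:
        if not 0.0 <= s.cvss_v31 <= 10.0:
            raise ValueError(f"CVSS out of range: {s.cvss_v31}")
        parts["cvss"] = s.cvss_v31 / 10.0
    if s.epss is not None:
        if not 0.0 <= s.epss <= 1.0:
            raise ValueError(f"EPSS out of range: {s.epss}")
        parts["epss"] = s.epss
    used = sum(WEIGHTS[k] for k in parts)
    score = 100.0 * sum(WEIGHTS[k] * v for k, v in parts.items()) / used
    return {"cve_id": s.cve_id, "score": round(score, 1),
            "missing": sorted(set(WEIGHTS) - set(parts))}

def rank(batch: list) -> list:
    """CVE ids ordered from highest to lowest composite score."""
    scored = [composite_risk(s) for s in batch]
    return [r["cve_id"] for r in sorted(scored, key=lambda r: -r["score"])]

# Constructed sample inputs; the identifiers are placeholders, not real CVEs.
SAMPLES = [
    CveSignals("CVE-0000-0001", 5.0, 0.01, False, False),
    CveSignals("CVE-0000-0002", 9.8, 0.90, True, True),
    CveSignals("CVE-0000-0003", 7.5, None, False, True),  # EPSS not yet out
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(composite_risk(s))
    print(rank(SAMPLES))
```

With these assumed weights, the third sample scores 57.1 with EPSS flagged as missing; counting the absent EPSS as 0.0 would instead give 40.0 and push a freshly disclosed CVE down the queue.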

Quick Start & Requirements

  • Primary install: Clone the repository, create a Python virtual environment (Python 3.10+ recommended), and run pip install -e . (uv can be used as a faster alternative).
  • Prerequisites: Python 3.10+, pip/uv, Git. API keys for services like NVD, GitHub, AbuseIPDB, VirusTotal, GreyNoise, and Shodan are recommended for full functionality, though 8 tools operate without keys.
  • Setup: Basic installation takes approximately 2 minutes.

Highlighted Details

  • Integrates 27 security tools covering vulnerability, exploit, network, and threat intelligence.
  • Provides a composite risk score combining CVSS, EPSS, KEV, and PoC availability.
  • Offers a "zero-key" start, enabling core functionality with no API keys.
  • All network traffic is outbound HTTPS only, with no inbound ports opened.
  • Features local SQLite caching for API responses and an audit log for tool usage.

Maintenance & Community

The project is authored by Mahipal Jangra (mukul975). The README includes sections for a roadmap and known limitations, indicating ongoing development considerations.

Licensing & Compatibility

The project is released under the MIT License. This permissive license allows for broad compatibility with commercial and closed-source applications.

Limitations & Caveats

The server focuses solely on intelligence gathering and lookups, performing no active scanning or write operations beyond URLScan submissions. It currently calculates risk scores based on CVSS v3.1 only, and does not recalculate NVD-provided v4.0 scores. Users may encounter limitations inherent to the free tiers of various external APIs, such as rate limits on NVD and GreyNoise, or delays in EPSS data for newly disclosed CVEs.

Health Check

  • Last Commit: 1 week ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 1
  • Star History: 281 stars in the last 14 days
