MCP App Server for cybersecurity vulnerability intelligence. Look up CVEs, check exploit probability, find actively exploited vulnerabilities, and get composite risk scores from NVD, CISA KEV, and EPSS.
Tell your AI what you run. It tracks threats to your stack and tells you when something changes.
- CVE Lookup & Search — NIST NVD full CVE data with CVSS scores
- CISA KEV Catalog — Confirmed actively exploited vulnerabilities
- EPSS Scores — Exploit prediction probability from FIRST.org
- Cross-Source Risk Scoring — Composite tier (CRITICAL/HIGH/MEDIUM/LOW) combining all three sources
- Interactive Dashboard — MCP App UI for visual exploration
- Scan Triage — Paste scanner output (Trivy JSON, Grype JSON, CSV, or any text with CVE IDs) for instant prioritization
- Technology Stack Profile — Register what you run (nginx, postgresql, ubuntu, etc.) and every CVE lookup flags whether it affects your stack
- CVE Watchlist — Track specific CVEs over time. The server captures baseline EPSS/KEV scores and reports deltas on every check
- Personalized Briefings — The dashboard briefing surfaces changes since your last session: new KEV entries, EPSS score shifts on watched CVEs, and threats to your technology stack
pip install vulnerability-intelligence-mcp
NIST_NVD_API_KEY=your_key vulnerability-intelligence-mcpCISA KEV and EPSS are public APIs — no additional keys required.
Tell the AI what technologies you run. Every subsequent CVE lookup, analysis, and briefing will flag results that affect your stack:
"Add nginx 1.24, postgresql 16, and ubuntu 22.04 to my technology stack"
Track specific CVEs over time. The server captures EPSS and KEV baselines and reports changes:
"Watch CVE-2024-3094 and CVE-2021-44228"
Paste Trivy, Grype, or any scanner output. The server extracts CVE IDs, scores them across all three sources, and cross-references your tech stack:
"Triage this scan output: [paste Trivy JSON]"
Profile data (technology stack, watchlist, briefing state) persists to a local SQLite database at ~/.vulnerability-intelligence/state.db. This directory is outside the package installation path — pip install --upgrade preserves your data.
Override the storage location with the DATA_DIR environment variable.
| Category | Tools | Description |
|---|---|---|
| Combined | vulnerability_app, vulnerability_analyze |
Interactive dashboard and full cross-source CVE analysis |
| NVD | nvd_cve_lookup, nvd_cve_search, nvd_cve_by_severity, nvd_cve_by_cpe, nvd_cve_kev, nvd_cve_recent, nvd_cve_history, nvd_cve_by_weakness |
NIST National Vulnerability Database |
| CISA KEV | cisa_kev_stats, cisa_kev_recent, cisa_kev_lookup, cisa_kev_search, cisa_kev_ransomware, cisa_kev_triage, cisa_kev_due_soon, cisa_kev_cwe_breakdown, cisa_kev_product_exposure |
Known Exploited Vulnerabilities catalog |
| EPSS | epss_score_lookup, epss_most_exploitable, epss_score_history, epss_score_at_date, epss_score_by_percentile, epss_triage, epss_search, epss_risk_report |
Exploit Prediction Scoring System |
| Profile | manage_stack, manage_watchlist, scan_triage |
Technology stack, CVE watchlist, scanner output triage |
Request a free key at https://nvd.nist.gov/developers/request-an-api-key
Without a key, NVD requests are rate-limited to 5 per 30 seconds. With a key: 50 per 30 seconds.
Use all tools without running anything locally at mcpbundles.com.
MIT