71
/ 100
13 days ago
glama

CVE MCP Server

This MCP server transforms Claude into a comprehensive security analyst by providing access to 27 security tools across 21 APIs for vulnerability intelligence. It enables users to query multiple sources like NVD, EPSS, CISA KEV, and threat intelligence platforms in parallel to get correlated security insights and risk assessments for CVEs.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 8 credentials: NVD_API_KEY, GITHUB_TOKEN, VULNCHECK_TOKEN, ABUSEIPDB_KEY, VIRUSTOTAL_KEY, URLSCAN_KEY, SHODAN_KEY, GREYNOISE_API_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretNVD_API_KEY10× faster NVD lookups (50 req/30s vs 5) [Request at nvd.nist.gov](https://nvd.nist.gov/developers/request-an-api-key) 50 requests per 30 seconds Optional but strongly recommended
🔐 secretGITHUB_TOKENsearch_exploits Search GitHub for public proof-of-concept exploits and exploit code repositories (optional) search_exploits("CVE-2024-3400")
🔐 secretVULNCHECK_TOKENclaude mcp add cve-mcp -e NVD_API_KEY=your_key -e =your_token -- python -m cve_mcp.server
configCACHE_DB_PATHdefaults to ~/.cve-mcp/cache.db
configAUDIT_LOG_PATHdefaults to ~/.cve-mcp/audit.log
configREQUEST_TIMEOUT30 # HTTP timeout in seconds
configMAX_RETRIES3 # retries on transient errors
🔐 secretABUSEIPDB_KEYIP reputation lookups [Register at abuseipdb.com](https://www.abuseipdb.com/register) 1,000 checks/day Required for IP tools
🔐 secretVIRUSTOTAL_KEYFile/URL/domain/IP malware scanning [Sign up at virustotal.com](https://www.virustotal.com/gui/join-us) 500 lookups/day, 4/min Required for VT tools
🔐 secretURLSCAN_KEYURL scanning and website analysis [Sign up at urlscan.io](https://urlscan.io/user/signup) 5,000 public scans/day Optional
🔐 secretSHODAN_KEYHost/port/service reconnaissance [Register at account.shodan.io](https://account.shodan.io) Basic host lookups (free tier) Required for Shodan tools
🔐 secretGREYNOISE_API_KEYcheck_ip_noise Query GreyNoise for IP scan/attack activity, classification, and associated CVEs check_ip_noise("185.220.101.34")
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/mukul975-cve-mcp-server-zuczks)](https://m8ven.ai/mcp/mukul975-cve-mcp-server-zuczks)
commit: 809953e04c1db4eaa3b808747e16711d23964af4
code hash: 05fd61ad2d986dee895670d772e7d645d09f1e5282fc0586c8277ec6441a5f39
verified: 6/17/2026, 11:58:52 AM
view raw JSON →