CVEs

Local MCP server for conversational CVE database queries
  • Language: python
  • GitHub Stars: 0
  • First Indexed: 4 months ago
  • Catalog Refreshed: 3 weeks ago

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "davidculver-cve-mcp-server": {
      "command": "python",
      "args": [
        "-m",
        "src.mcp_server"
      ],
      "env": {
        "PYTHONPATH": "YOUR_PATH_TO_CVE_MCP_SERVER"
      }
    }
  }
}

You can run a local, containerized MCP server that lets you query a CVE database in natural language. Everything stays on your machine, and you interact with it using standard MCP tooling to query CVEs, search by keywords, and retrieve statistics.

How to use

Use the MCP client to connect to the local server via stdio for a seamless, privacy-preserving experience. You can run the server locally with Python, or run it inside Docker for containerized setups. Once the server is running, you can ask it about CVEs, search for CVEs by keywords, and request statistics about the CVE dataset.

Two common usage patterns exist:

  • Run the MCP server locally and connect with MCP Inspector or another MCP client using stdio. The server starts from its Python entry point, python -m src.mcp_server.
  • Run the MCP server inside Docker and connect via a local or container-based client. The server provides the same capabilities but runs in a containerized environment.

How to install

Prerequisites you need before installing:

  • Docker with docker compose support
  • Python 3.11+ for local development
  • Node.js 18+ for MCP Inspector usage in testing
  • Optional: an MCP Inspector client to test interactions

# Development setup (local)
pip install -e ".[dev]"
# Production/Docker setup
pip install -r requirements.txt

Configuration is optional. You can create a .env file to customize paths if you want to point to specific CVE data sources. Copy the example and edit the variables you need.

Key steps to get started quickly

# Local development flow
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python -m src.mcp_server  # starts the MCP server waiting for MCP client connections via stdio

# Docker flow (full workflow)
./run_docker.sh  # builds and starts the Docker container
# Load CVE data inside Docker (choose a data load option)
docker exec cve-mcp-server python -m src.data_ingestion.loader --year 2024 --limit 100
# Test with MCP Inspector (local or docker) depending on your setup
npx @modelcontextprotocol/inspector

Additional sections

Configuration and data management details are described below to help you set up and maintain a functional local MCP server for CVE queries.

Data management and runtime notes

  • The server runs locally and stores all data on your machine to preserve privacy.
  • CVE data can be refreshed from public sources into your local store.
  • The server supports a simple stdio transport for MCP clients and can run inside Docker for isolation and consistency.

Testing and validation tips

  • Use MCP Inspector to validate all three tools by connecting to the server via the appropriate transport (stdio for local, docker exec for containerized setup).
  • Ensure the server process is running before starting the inspector. If you restart the client, re-establish the connection.

Troubleshooting quick checks

  • If the container won’t start, check logs and restart the container: docker logs, docker compose down, docker compose up -d.
  • If no CVE data is loaded, re-run the data loading script inside the container or locally.
  • If the Inspector reports connection issues, re-check the exact command used to start the MCP server and verify PYTHONPATH is set correctly.
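
A pre-flight check for the last point, as an added example that is not part of the project's code: it parses the client configuration shown under Installation and reports why python -m src.mcp_server would fail to launch. It assumes PYTHONPATH holds a single directory; the function name check_mcp_config is hypothetical.

```python
import json
from pathlib import Path

SERVER_KEY = "davidculver-cve-mcp-server"    # key used in the config shown on this page
PLACEHOLDER = "YOUR_PATH_TO_CVE_MCP_SERVER"  # placeholder value from that config


def check_mcp_config(config_text, server_key=SERVER_KEY):
    """Return a list of problems found in an MCP client config (empty list = OK)."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"config is not valid JSON: {exc}"]
    entry = config.get("mcpServers", {}).get(server_key) if isinstance(config, dict) else None
    if not isinstance(entry, dict):
        return [f"no mcpServers entry named {server_key!r}"]

    problems = []
    args = entry.get("args", [])
    # The module to launch is the argument that follows "-m".
    module = args[args.index("-m") + 1] if "-m" in args[:-1] else None
    if module is None:
        problems.append('args must contain "-m" followed by a module name')

    # Assumption: PYTHONPATH names one directory, not an os.pathsep-separated list.
    root = entry.get("env", {}).get("PYTHONPATH", "")
    if not root or root == PLACEHOLDER:
        problems.append("PYTHONPATH is unset or still the placeholder")
    elif not Path(root).is_absolute():
        # The MCP host may start the server from any working directory.
        problems.append("PYTHONPATH should be an absolute path")
    elif not Path(root).is_dir():
        problems.append(f"PYTHONPATH directory does not exist: {root}")
    elif module:
        # "python -m a.b" needs <root>/a/b.py or the package <root>/a/b/__main__.py
        rel = Path(*module.split("."))
        if not ((Path(root) / rel).with_suffix(".py").is_file()
                or (Path(root) / rel / "__main__.py").is_file()):
            problems.append(f"module {module} not found under {root}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the config from this page with the placeholder left in.
    sample = json.dumps({"mcpServers": {SERVER_KEY: {"command": "python",
        "args": ["-m", "src.mcp_server"], "env": {"PYTHONPATH": PLACEHOLDER}}}})
    print(check_mcp_config(sample))
```

An empty list means the entry points at a directory from which the module can be resolved; it does not confirm that CVE data has been loaded.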

Available tools

get_cve_details

Fetch detailed information about a specific CVE by its identifier, including description, severity, and references.

search_cves

Search CVEs by a keyword or phrase and return a list of matching CVEs with basic metadata.

get_statistics

Return high-level statistics about the CVE dataset, such as total CVEs and date ranges.
