Vulnerability Intelligence

Provides up-to-date vulnerability data from NVD, EPSS, CVSS, exploit data, and Python package risk assessments.
  • javascript

9

GitHub Stars

javascript

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs

You can use the MCP Vulnerability Checker Server to query vulnerability data, compute CVSS scores, check exploit availability, and audit Python packages for security issues. It centralizes security intelligence from multiple data sources so you can prioritize patches, assess risk, and track remediation across your projects.

How to use

Connect your MCP client to the hosted vulnerability intelligence server to access a suite of tools for CVE lookups, EPSS scoring, CVSS calculations, exploit detection, and Python package vulnerability checks. Once connected, you can perform targeted risk assessments, run dependency checks, and research vulnerabilities with multi-source intelligence.

How to install

Prerequisites: Node.js (for MCP tooling) and a compatible MCP client. If you want to run a local instance for development or testing, follow the Docker-based setup or the local development steps.

# Docker-based setup (recommended for local development)
# Clone the repository (use the exact repository name you have access to)
# git clone https://github.com/firetix/vulnerability-intelligence-mcp-server
# cd vulnerability-intelligence-mcp-server

# Create environment file
# cp .env.example .env

# Build and run with Docker Compose
# docker compose up --build -d
# docker compose logs -f
# docker compose ps
# docker compose down

# The server will be available at: http://localhost:8000/sse

Configuration and quick start

Configure your MCP client to connect to the hosted server using the provided endpoints. The hosted server exposes an SSE endpoint that your client subscribes to for real-time vulnerability intelligence.

{
  "mcpServers": {
    "vulnerability-intelligence": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-fetch"],
      "env": {
        "FETCH_URL": "https://vulnerability-intelligence-mcp-server-edb8b15494e8.herokuapp.com/sse"
      }
    }
  }
}
{
  "mcpServers": {
    "vulnerability-intelligence": {
      "url": "https://vulnerability-intelligence-mcp-server-edb8b15494e8.herokuapp.com/sse"
    }
  }
}

Security tools and what you can do

The server includes a set of modular tools you can run to gather vulnerability intelligence, evaluate risk, and verify package security.

Test the connection

After you configure your MCP client, run sample queries to confirm connectivity and tool availability. For example, perform a CVE lookup, EPSS score check, Python package vulnerability check, and a CVSS calculation.

Available tools

cve_lookup

Fetches detailed vulnerability information from NVD, including CVSS scores, descriptions, references, CWE mappings, and timeline data.

get_epss_score

Retrieves EPSS scores for CVEs to estimate exploitation probability and rank risk.

calculate_cvss_score

Calculates CVSS base scores from vector strings with support for CVSS v3.0 and v3.1.

search_vulnerabilities

Performs keyword-based searches across multiple vulnerability databases with severity and date range filters.

get_exploit_availability

Checks for public exploits and PoCs across multiple sources to assess exploit risk.

get_vulnerability_timeline

Provides timeline and patch status information for a given CVE.

get_vex_status

Checks VEX status for specific products and vendor advisories.

package_vulnerability_check

Examines Python packages against OSV and PyPI data to identify known vulnerabilities.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
Vulnerability Intelligence MCP Server - firetix/vulnerability-intelligence-mcp-server | VeilStrat