- Home
- MCP servers
- Vulnerability Intelligence
Vulnerability Intelligence
- javascript
9
GitHub Stars
javascript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
You can use the MCP Vulnerability Checker Server to query vulnerability data, compute CVSS scores, check exploit availability, and audit Python packages for security issues. It centralizes security intelligence from multiple data sources so you can prioritize patches, assess risk, and track remediation across your projects.
How to use
Connect your MCP client to the hosted vulnerability intelligence server to access a suite of tools for CVE lookups, EPSS scoring, CVSS calculations, exploit detection, and Python package vulnerability checks. Once connected, you can perform targeted risk assessments, run dependency checks, and research vulnerabilities with multi-source intelligence.
How to install
Prerequisites: Node.js (for MCP tooling) and a compatible MCP client. If you want to run a local instance for development or testing, follow the Docker-based setup or the local development steps.
# Docker-based setup (recommended for local development)
# Clone the repository (use the exact repository name you have access to)
# git clone https://github.com/firetix/vulnerability-intelligence-mcp-server
# cd vulnerability-intelligence-mcp-server
# Create environment file
# cp .env.example .env
# Build and run with Docker Compose
# docker compose up --build -d
# docker compose logs -f
# docker compose ps
# docker compose down
# The server will be available at: http://localhost:8000/sse
Configuration and quick start
Configure your MCP client to connect to the hosted server using the provided endpoints. The hosted server exposes an SSE endpoint that your client subscribes to for real-time vulnerability intelligence.
{
"mcpServers": {
"vulnerability-intelligence": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-fetch"],
"env": {
"FETCH_URL": "https://vulnerability-intelligence-mcp-server-edb8b15494e8.herokuapp.com/sse"
}
}
}
}
{
"mcpServers": {
"vulnerability-intelligence": {
"url": "https://vulnerability-intelligence-mcp-server-edb8b15494e8.herokuapp.com/sse"
}
}
}
Security tools and what you can do
The server includes a set of modular tools you can run to gather vulnerability intelligence, evaluate risk, and verify package security.
Test the connection
After you configure your MCP client, run sample queries to confirm connectivity and tool availability. For example, perform a CVE lookup, EPSS score check, Python package vulnerability check, and a CVSS calculation.
Available tools
cve_lookup
Fetches detailed vulnerability information from NVD, including CVSS scores, descriptions, references, CWE mappings, and timeline data.
get_epss_score
Retrieves EPSS scores for CVEs to estimate exploitation probability and rank risk.
calculate_cvss_score
Calculates CVSS base scores from vector strings with support for CVSS v3.0 and v3.1.
search_vulnerabilities
Performs keyword-based searches across multiple vulnerability databases with severity and date range filters.
get_exploit_availability
Checks for public exploits and PoCs across multiple sources to assess exploit risk.
get_vulnerability_timeline
Provides timeline and patch status information for a given CVE.
get_vex_status
Checks VEX status for specific products and vendor advisories.
package_vulnerability_check
Examines Python packages against OSV and PyPI data to identify known vulnerabilities.