MCP CVE Intelligence Server Lite

Provides multi-source CVE data and tools for search, details, trends, EPSS scoring, reports, and health monitoring.
  • typescript

13

GitHub Stars

typescript

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs

MCP CVE Intelligence Server Lite provides multi-source vulnerability data and security insights that you can integrate into AI workflows. It aggregates CVE information from major sources and exposes practical tools for searching, analyzing, prioritizing, and reporting on vulnerabilities to help security teams and researchers act quickly and confidently.

How to use

You connect an MCP-compatible client to the server to perform CVE research and risk analysis. Start the server, ensure it is reachable, then issue tool calls through your MCP client to search for vulnerabilities, retrieve detailed CVE information, explore trending issues, compute context-aware EPSS scores, generate professional reports, discover product-specific vulnerabilities, and monitor source health. Use the client’s standard tool interface to invoke each function and receive structured results that you can feed into workflows, dashboards, or reports.

How to install

Prerequisites you need before installation are Node.js 20.0.0 or higher and npm (comes with Node.js). Follow these steps to install and run the server locally, and optionally run it in Docker for isolation.

# Clone the repository
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite

# Install dependencies
npm install

# Build the project
npm run build

# Start the server
npm start

Running with Docker

If you prefer containerized deployment, you can run a pre-built image or build locally. The image exposes the MCP server and can be reached via HTTP transport on port 13001 by default.

# Run latest pre-built image (HTTP transport, port mapping)
docker run -d --name mcp-cve-server -p 13001:3001 -e MCP_TRANSPORT_TYPE=http -e MCP_HTTP_PORT=3001 -e MCP_HTTP_HOST=0.0.0.0 proug/mcp-cve-intelligence-server-lite:latest

# Health check
curl http://localhost:13001/health

Using MCP clients

Connect your MCP-compatible client to the server using either HTTP or stdio transport, as shown in your client's configuration. You can point an HTTP client to the server URL and an MCP stdio client to run the server via a command like npx or through a Docker-based stdio setup.

Notes on configuration and access

To maximize throughput and reliability, you can configure API keys and tokens for external data sources. Set environment variables for NVD, GitHub, and MITRE as needed, and tune cache, timeouts, and rate limits to fit your deployment. Ensure secure handling of keys, and prefer HTTPS transport where possible.

Troubleshooting

If the server fails to start, verify that Node.js and npm are installed at the required versions, confirm dependencies are installed, and check that the build completed successfully. For connectivity issues, confirm the selected transport (http or stdio) and port, and ensure your MCP client is configured to use the same transport. Review environment variables for required API keys and tokens.

Security and best practices

Use HTTPS transport where available, sanitize all inputs, and enforce proper access controls. Treat API keys and tokens as secrets and store them in secure environments. Enable monitoring to detect anomalies in health and performance, and implement retry and backoff strategies to handle transient errors gracefully.

Available tools

searchCves

Advanced CVE search and discovery with flexible criteria and intelligent filtering

getCveDetails

Retrieve detailed CVE information including exploits, references, and scoring metrics

getTrendingCves

Identify currently trending vulnerabilities based on activity and severity

calculateEpssScores

Compute environment-aware EPSS scores using provided context

generateCveReport

Produce professional vulnerability reports in multiple formats with selected sections

searchByCpe

Discover CVEs affecting specific products using CPE identifiers

getSourceHealth

Monitor data source availability and performance in real time

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational