- Home
- MCP servers
- MCP CVE Intelligence Server Lite
MCP CVE Intelligence Server Lite
- typescript
13
GitHub Stars
typescript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
MCP CVE Intelligence Server Lite provides multi-source vulnerability data and security insights that you can integrate into AI workflows. It aggregates CVE information from major sources and exposes practical tools for searching, analyzing, prioritizing, and reporting on vulnerabilities to help security teams and researchers act quickly and confidently.
How to use
You connect an MCP-compatible client to the server to perform CVE research and risk analysis. Start the server, ensure it is reachable, then issue tool calls through your MCP client to search for vulnerabilities, retrieve detailed CVE information, explore trending issues, compute context-aware EPSS scores, generate professional reports, discover product-specific vulnerabilities, and monitor source health. Use the client’s standard tool interface to invoke each function and receive structured results that you can feed into workflows, dashboards, or reports.
How to install
Prerequisites you need before installation are Node.js 20.0.0 or higher and npm (comes with Node.js). Follow these steps to install and run the server locally, and optionally run it in Docker for isolation.
# Clone the repository
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite
# Install dependencies
npm install
# Build the project
npm run build
# Start the server
npm start
Running with Docker
If you prefer containerized deployment, you can run a pre-built image or build locally. The image exposes the MCP server and can be reached via HTTP transport on port 13001 by default.
# Run latest pre-built image (HTTP transport, port mapping)
docker run -d --name mcp-cve-server -p 13001:3001 -e MCP_TRANSPORT_TYPE=http -e MCP_HTTP_PORT=3001 -e MCP_HTTP_HOST=0.0.0.0 proug/mcp-cve-intelligence-server-lite:latest
# Health check
curl http://localhost:13001/health
Using MCP clients
Connect your MCP-compatible client to the server using either HTTP or stdio transport, as shown in your client's configuration. You can point an HTTP client to the server URL and an MCP stdio client to run the server via a command like npx or through a Docker-based stdio setup.
Notes on configuration and access
To maximize throughput and reliability, you can configure API keys and tokens for external data sources. Set environment variables for NVD, GitHub, and MITRE as needed, and tune cache, timeouts, and rate limits to fit your deployment. Ensure secure handling of keys, and prefer HTTPS transport where possible.
Troubleshooting
If the server fails to start, verify that Node.js and npm are installed at the required versions, confirm dependencies are installed, and check that the build completed successfully. For connectivity issues, confirm the selected transport (http or stdio) and port, and ensure your MCP client is configured to use the same transport. Review environment variables for required API keys and tokens.
Security and best practices
Use HTTPS transport where available, sanitize all inputs, and enforce proper access controls. Treat API keys and tokens as secrets and store them in secure environments. Enable monitoring to detect anomalies in health and performance, and implement retry and backoff strategies to handle transient errors gracefully.
Available tools
searchCves
Advanced CVE search and discovery with flexible criteria and intelligent filtering
getCveDetails
Retrieve detailed CVE information including exploits, references, and scoring metrics
getTrendingCves
Identify currently trending vulnerabilities based on activity and severity
calculateEpssScores
Compute environment-aware EPSS scores using provided context
generateCveReport
Produce professional vulnerability reports in multiple formats with selected sections
searchByCpe
Discover CVEs affecting specific products using CPE identifiers
getSourceHealth
Monitor data source availability and performance in real time