- Home
- MCP servers
- EPSS MCP Project
EPSS MCP Project
- python
13
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"jgamblin-epss-mcp": {
"command": "python",
"args": [
"epss_mcp.py"
],
"env": {
"NVD_API_KEY": "your-nvd-api-key"
}
}
}
}The EPSS MCP Server brings CVE details from the NVD API together with EPSS scores from the EPSS service, exposing them through a robust MCP interface so you can quickly query vulnerabilities and prioritize remediation.
How to use
You interact with the EPSS MCP Server through an MCP client to retrieve CVE information and EPSS scores. Start the local MCP server, then request details for a specific CVE by its ID to obtain descriptions, CWE mappings, CVSS scores, and the EPSS percentile.
How to install
Prerequisites: Python 3.13 or higher, Docker (optional for containerized deployment), and an NVD API key.
-
Clone the project repository and navigate into it.
-
Install the required Python dependencies in a virtual environment.
-
Create a configuration file to supply your NVD API key.
-
Run the MCP server locally. You can also deploy using Docker for a containerized setup.
$ git clone <repository-url>
$ cd epss-mcp-project
# Optional: create and activate a virtual environment
# Python 3.13+ is required
$ python -m venv venv
$ source venv/bin/activate # on macOS/Linux
# Windows would use: venv\Scripts\activate
# Install dependencies
$ pip install -r requirements.txt
# Add your NVD API key to a .env file
$ printf 'NVD_API_KEY=your-nvd-api-key\n' > .env
# Start the MCP server locally
$ python epss_mcp.py
Additional sections
Configuration and deployment details from this guide cover local running and Docker-based deployment. The MCP server exposes an endpoint to fetch CVE data and EPSS scores; you can run it directly with Python or deploy via Docker for a portable runtime.
Docker deployment options are provided to run the MCP server in containerized form and expose port 8000 so you can access it from other tools and interfaces.
If you intend to use the VS Code MCP integration, you can register a local stdio MCP server pointing to your Python entry point so the editor can query CVE details and EPSS scores on demand.
Available tools
fetchCveDetails
Retrieve comprehensive CVE information from the NVD API, including descriptions, CWEs, and CVSS scores.
fetchEpssScores
Obtain EPSS scores and percentiles for specified CVEs to assess exploit likelihood.
serveMcpData
Expose vulnerability and EPSS information through the MCP server for integration with clients.