NVD Database

An MCP server to query the NIST National Vulnerability Database (NVD)
  • python

12

GitHub Stars

python

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "marcoeg-mcp-nvd": {
      "command": "uv",
      "args": [
        "run",
        "mcp-nvd",
        "--transport",
        "sse",
        "--port",
        "9090"
      ],
      "env": {
        "NVD_API_KEY": "YOUR_API_KEY"
      }
    }
  }
}

You can query the NIST National Vulnerability Database (NVD) through this MCP server to retrieve CVE records, search for vulnerabilities by keyword, and receive results via real-time transport. This server is designed to work with MCP-compliant clients and can be run locally or in containers, enabling you to integrate up-to-date vulnerability data into your tooling and workflows.

How to use

Start the MCP server using the MCP runtime and connect it with an MCP client that supports stdio transport. Run the server in SSE mode on a port you choose, then use client tools to request specific CVEs or perform keyword searches. Typical actions include fetching a CVE by its ID and performing keyword searches with configurable result size and matching options.

How to install

Prerequisites you need to prepare before installation.

Install Python 3.10 or higher and ensure you have the uv tooling installed.

Clone the project repository and enter the directory.

# Install prerequisites and the MCP server
python3 -m venv venv
source venv/bin/activate
pip install -e .

Additional setup and run commands

Set up the environment with your NVD API key and start the server using the MCP runtime. You will run the server in stdio mode via UV to listen on a port for incoming client connections.

Configure your environment variable for the NVD API key.

export NVD_API_KEY=your-api-key

Run the MCP server in SSE mode on a chosen port. For example, open a terminal and execute:

uv run mcp-nvd --transport sse --port 9090

You can test using an MCP client that targets the SSE endpoint at http://localhost:9090/sse. The client can request CVEs by ID or perform keyword searches through the server’s exposed endpoints.

Configuration

To run with an MCP client and proper environment, include the following configuration for your Claude Desktop setup. This enables the server to be discovered and started by the MCP client.

{
  "mcpServers": {
    "mcp-nvd": {
      "command": "/path/to/uvx",
      "args": ["mcp-nvd"],
      "env": {
        "NVD_API_KEY": "your-api-key"
      }
    }
  }
}

Security and notes

Keep your NVD API key secure. Do not expose it in logs or shared configuration. Use environment variable management to protect keys and rotate credentials as needed.

Troubleshooting

If the server does not start, verify that the NVD API key is correctly set and that the port you chose is not in use. Check the server logs for any authentication or transport-related errors and ensure the MCP client is configured to connect using the same transport (stdio or sse) and port.

Examples and notes

The following commands illustrate common usage patterns you may adapt to your environment.

# Start the server with SSE transport on port 9090
uv run mcp-nvd --transport sse --port 9090

# Example client usage (client invocation will vary by client)
# Client would connect to http://localhost:9090/sse and request data

Available tools

get_cve

Retrieves a CVE record by its ID and returns detailed vulnerability data including scores, weaknesses, and references.

search_cve

Searches the NVD database by keyword with options for exact match, concise results, and a configurable number of results.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational