- Home
- MCP servers
- Vulners
Vulners
- python
3
GitHub Stars
python
Language
4 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Vulners MCP Server provides direct access to the Vulners vulnerability database through MCP-compatible clients, enabling you to query vulnerability data, search CVEs, audit software packages, and analyze security bulletins using natural language conversations. It supports both HTTP and standard input/output transports, making it practical for running in containers or locally with compatible tools.
How to use
You can run Vulners MCP in HTTP mode for programmatic access or in stdio mode for integration with clients like Claude Desktop. Start by selecting your deployment method, then connect your MCP client to the server using the provided URL (HTTP) or the standard input/output transport (stdio). Use the available tools to search for vulnerabilities, retrieve bulletin details, audit software versions, and explore CPE information.
How to install
Prerequisites you need before installing: Python 3.9 or newer, Docker Engine for containerized deployment, and access to the Vulners API with a valid API key.
Option A: Docker with HTTP mode (remote HTTP endpoint) - follow these steps exactly.
# Create a simple .env file with your API key
echo "VULNERS_API_KEY=your_api_key_here" > .env
# Run the server in HTTP mode using the provided image
docker run -d \
--name vulners-mcp-http \
-e MCP_TRANSPORT_MODE="http" \
-e VULNERS_BASE_URL="https://vulners.com" \
-e VULNERS_API_KEY="your_api_key" \
-p 8000:8000 \
vulners-mcp:latest
# Access the MCP endpoint at http://<HOST>:8000/mcp
"}]},{
Option B: Docker with stdio mode (for Claude Desktop) - the command uses interactive input to connect locally.
docker run -i --rm \
-e VULNERS_API_KEY="your_api_key" \
vulners-mcp:latest
# This starts the MCP server in stdio mode and connects to the client that supports stdio transport
Option C: Build and run locally (development workflow) - install dependencies and start the server directly with Python.
git clone https://github.com/vulnersCom/vulners-mcp.git
cd vulners-mcp
poetry install
export VULNERS_API_KEY="your_api_key"
poetry run python -m vulners_mcp
Configuration / Environment Variables
The server relies on environment variables to configure access and transport. Set these variables to control authentication, base API URL, and transport behavior.
Testing
Verify HTTP mode is reachable by checking the MCP endpoint in your browser or via a client. For stdio mode, ensure your client can communicate through the standard input/output channel and perform sample queries to validate tool behavior.
Notes and recommendations
Always supply your Vulners API key securely. When using HTTP mode, ensure network access to the Vulners API is available from the hosting environment. For Claude Desktop or other MCP clients, prefer HTTP mode for production integrations and stdio mode for local development or desktop integrations.
Security considerations
Keep API keys confidential and rotate them per your security policy. Restrict network access to the MCP server, especially in HTTP mode, and monitor access patterns to detect anomalous queries.
Available tools
search_lucene
Full-text search across Vulners vulnerability bulletins using Lucene syntax to discover vulnerabilities when you don't have specific IDs.
bulletin_by_id
Fetch full vulnerability bulletins by CVE or Vulners ID for detailed information, including patches and references.
query_autocomplete
Provide search suggestions for vendors, products, and CVEs to accelerate query formulation.
search_cpe
Find CPE strings by vendor and product using the latest Vulners schema.
audit_software
Audit specific software versions for known vulnerabilities using exact vendor/product/version information.
audit_linux_packages
Audit Linux packages (RPM/DEB) for vulnerabilities across a distro and version.
get_supported_os
List supported OS identifiers/versions for Linux package auditing.