Vulners

Provides access to Vulners vulnerability data via MCP tools for search, bulletin details, and software audits.
  • python

3

GitHub Stars

python

Language

4 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs

Vulners MCP Server provides direct access to the Vulners vulnerability database through MCP-compatible clients, enabling you to query vulnerability data, search CVEs, audit software packages, and analyze security bulletins using natural language conversations. It supports both HTTP and standard input/output transports, making it practical for running in containers or locally with compatible tools.

How to use

You can run Vulners MCP in HTTP mode for programmatic access or in stdio mode for integration with clients like Claude Desktop. Start by selecting your deployment method, then connect your MCP client to the server using the provided URL (HTTP) or the standard input/output transport (stdio). Use the available tools to search for vulnerabilities, retrieve bulletin details, audit software versions, and explore CPE information.

How to install

Prerequisites you need before installing: Python 3.9 or newer, Docker Engine for containerized deployment, and access to the Vulners API with a valid API key.

Option A: Docker with HTTP mode (remote HTTP endpoint) - follow these steps exactly.

# Create a simple .env file with your API key
echo "VULNERS_API_KEY=your_api_key_here" > .env

# Run the server in HTTP mode using the provided image
docker run -d \
  --name vulners-mcp-http \
  -e MCP_TRANSPORT_MODE="http" \
  -e VULNERS_BASE_URL="https://vulners.com" \
  -e VULNERS_API_KEY="your_api_key" \
  -p 8000:8000 \
  vulners-mcp:latest

# Access the MCP endpoint at http://<HOST>:8000/mcp
"}]},{

Option B: Docker with stdio mode (for Claude Desktop) - the command uses interactive input to connect locally.

docker run -i --rm \
  -e VULNERS_API_KEY="your_api_key" \
  vulners-mcp:latest

# This starts the MCP server in stdio mode and connects to the client that supports stdio transport

Option C: Build and run locally (development workflow) - install dependencies and start the server directly with Python.

git clone https://github.com/vulnersCom/vulners-mcp.git
cd vulners-mcp
poetry install 
export VULNERS_API_KEY="your_api_key"
poetry run python -m vulners_mcp

Configuration / Environment Variables

The server relies on environment variables to configure access and transport. Set these variables to control authentication, base API URL, and transport behavior.

Testing

Verify HTTP mode is reachable by checking the MCP endpoint in your browser or via a client. For stdio mode, ensure your client can communicate through the standard input/output channel and perform sample queries to validate tool behavior.

Notes and recommendations

Always supply your Vulners API key securely. When using HTTP mode, ensure network access to the Vulners API is available from the hosting environment. For Claude Desktop or other MCP clients, prefer HTTP mode for production integrations and stdio mode for local development or desktop integrations.

Security considerations

Keep API keys confidential and rotate them per your security policy. Restrict network access to the MCP server, especially in HTTP mode, and monitor access patterns to detect anomalous queries.

Available tools

search_lucene

Full-text search across Vulners vulnerability bulletins using Lucene syntax to discover vulnerabilities when you don't have specific IDs.

bulletin_by_id

Fetch full vulnerability bulletins by CVE or Vulners ID for detailed information, including patches and references.

query_autocomplete

Provide search suggestions for vendors, products, and CVEs to accelerate query formulation.

search_cpe

Find CPE strings by vendor and product using the latest Vulners schema.

audit_software

Audit specific software versions for known vulnerabilities using exact vendor/product/version information.

audit_linux_packages

Audit Linux packages (RPM/DEB) for vulnerabilities across a distro and version.

get_supported_os

List supported OS identifiers/versions for Linux package auditing.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
Vulners MCP Server - vulnerscom/vulners-mcp | VeilStrat