CVE MCP Server

What it does

This server turns Claude into a full-spectrum security analyst by aggregating data from over 20 security APIs. It eliminates the need to manually correlate data across NVD, EPSS, CISA KEV, and VirusTotal by providing a unified interface for vulnerability intelligence.

Tools

• lookup_cve: Fetch detailed CVE records and CVSS scores from NVD.
• get_epss_score: Get exploitation probability percentiles for specific CVEs.
• check_kev_status: Verify if a vulnerability is in CISA's Known Exploited Vulnerabilities catalog.
• calculate_risk_score: Compute a composite 0-100 risk score based on CVSS, EPSS, KEV, and PoC availability.
• shodan_host_lookup: Reconnaissance of open ports and services for a target IP.
• virustotal_lookup: Analyze hashes and URLs against 70+ antivirus engines.
• scan_dependencies: Scan packages against OSV.dev for known vulnerabilities.

Installation

{
  "mcpServers": {
    "cve-mcp": {
      "command": "python",
      "args": ["-m", "cve_mcp.server"],
      "cwd": "/absolute/path/to/cve-mcp-server",
      "env": {
        "NVD_API_KEY": "your-key-here",
        "GITHUB_TOKEN": "your-token-here",
        "ABUSEIPDB_KEY": "your-key-here",
        "VIRUSTOTAL_KEY": "your-key-here",
        "GREYNOISE_API_KEY": "your-key-here",
        "SHODAN_KEY": "your-key-here"
      }
    }
  }
}

Supported hosts

Confirmed for Claude Desktop and Claude Code via stdio.