Cybersecurity Vulnerability Intel MCP

Real-time CVE lookup via NIST NVD 2.0, CISA KEV alerts, EPSS exploitation probability, and MITRE ATT&CK mappings. 7 tools for AI-powered vulnerability assessment.

GitHub

Cybersecurity Vulnerability Intelligence MCP Server

Unified vulnerability intelligence from 4 government data sources in a single MCP server. Get enriched CVE lookups with CVSS scores, active exploitation status, exploitation probability, and ATT&CK techniques — all in one call.

Data Sources

SourceWhat It ProvidesUpdate Frequency
NIST NVD 2.0CVE details, CVSS scores, descriptions, references, CWE classificationsContinuous
CISA KEVActively exploited vulnerabilities catalog, remediation deadlinesDaily
FIRST.org EPSSExploitation probability scores (0-1) predicting likelihood of exploitation in next 30 daysDaily
MITRE ATT&CKAdversary techniques mapped to CVEsQuarterly

Tools

vuln_lookup_cve — Enriched CVE Lookup (Recommended Start)

The killer feature. Look up any CVE and get intelligence from all 4 sources in a single call.

Parameters:

  • cveId (required): CVE identifier (e.g., CVE-2021-44228)

Returns: NVD details + CVSS score + KEV exploitation status + EPSS probability + ATT&CK techniques

Example: Look up Log4Shell → Get CVSS 10.0, confirmed in CISA KEV, EPSS 0.97 (97th percentile), mapped to T1190 (Exploit Public-Facing Application).

vuln_search — Search CVEs

Search the NVD by keyword, severity, and date range.

Parameters:

  • keyword: Search term (e.g., "apache log4j", "buffer overflow")
  • severity: LOW, MEDIUM, HIGH, or CRITICAL
  • pubStartDate / pubEndDate: ISO date range
  • hasKev: If true, only return CVEs in the CISA KEV catalog
  • limit: Max results (1-50, default 20)

vuln_kev_latest — Recently Exploited Vulnerabilities

Get vulnerabilities recently added to CISA's Known Exploited Vulnerabilities catalog.

Parameters:

  • days: Look back period (default 7)
  • limit: Max results (default 20)

vuln_kev_due_soon — Upcoming Remediation Deadlines

Get KEV entries with remediation deadlines approaching. Critical for federal compliance.

Parameters:

  • days: Deadline within N days (default 14)
  • limit: Max results (default 20)

vuln_epss_top — Highest Exploitation Probability

Get CVEs most likely to be exploited in the next 30 days based on EPSS machine learning model.

Parameters:

  • threshold: Minimum EPSS score 0-1 (default 0.7 = 70%)
  • limit: Max results (default 20)

vuln_trending — Newly Published Critical CVEs

Get recently published high/critical severity CVEs from the NVD.

Parameters:

  • days: Published within last N days (default 3)
  • severity: Minimum severity level (default CRITICAL)
  • limit: Max results (default 20)

vuln_by_vendor — Vendor Vulnerability Assessment

Search CVEs for a specific vendor/product. Cross-references with CISA KEV to flag actively exploited issues.

Parameters:

  • vendor (required): Vendor name (e.g., "microsoft", "apache")
  • product: Narrow by product (e.g., "windows", "log4j")
  • limit: Max results (default 20)

Use Cases

  • Vulnerability triage: Look up a CVE and instantly know if it's actively exploited, its EPSS score, and what ATT&CK techniques apply
  • Patch prioritization: Combine KEV status + EPSS scores to prioritize remediation
  • Compliance tracking: Monitor upcoming CISA KEV remediation deadlines
  • Threat intelligence: Track trending CVEs and newly weaponized vulnerabilities
  • Vendor risk assessment: Assess a vendor's vulnerability exposure and active exploitation status

Attribution

  • This product uses data from the NVD API but is not endorsed or certified by the NVD.
  • EPSS data provided by FIRST.org (https://www.first.org/epss/).
  • ATT&CK is a registered trademark of The MITRE Corporation. Licensed under Apache 2.0.
  • CISA Known Exploited Vulnerabilities Catalog — US Government public domain.

Related Servers