NVD CVE MCP Server

A Model Context Protocol (MCP) server for retrieving and displaying CVE vulnerability information from the National Vulnerability Database (NVD). Features dual data sources with NVD API and web scraping fallback.

✨ Features

🔍 CVE Details Lookup: Retrieve complete vulnerability information by CVE ID
🔎 Keyword Search: Search for CVE vulnerabilities by keywords
📊 Formatted Output: Display vulnerability information in elegant Markdown format
🔄 Dual Data Sources: API-first approach with web scraping as fallback
🌐 Multi-language Support: Full support for both English and Chinese

📦 Installation

Prerequisites

Node.js >= 18.0.0
npm or yarn

Quick Start with npx (Recommended)

No installation required! Use directly with npx:

{
  "mcpServers": {
    "nvd-cve": {
      "command": "npx",
      "args": ["-y", "nvd-cve-mcp-server"]
    }
  }
}

Global Installation

npm install -g nvd-cve-mcp-server

Local Installation

npm install nvd-cve-mcp-server

🚀 Usage

1. Configure as MCP Server

Configure in Claude Desktop or other MCP-compatible applications:

macOS/Linux (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "nvd-cve": {
      "command": "npx",
      "args": ["-y", "nvd-cve-mcp-server"]
    }
  }
}

Windows (%APPDATA%\Claude\claude_desktop_config.json):

{
  "mcpServers": {
    "nvd-cve": {
      "command": "npx",
      "args": ["-y", "nvd-cve-mcp-server"]
    }
  }
}

2. Direct Execution

npm start

🛠️ Available Tools

1. get_cve_details

Retrieve detailed information for a specific CVE.

Parameters:

cve_id (required): CVE ID in format CVE-YYYY-NNNNN

Example:

Get details for CVE-2025-13583

Output Format:

# CVE-2025-13583

## 📊 Basic Information

- **CVE ID**: CVE-2025-13583
- **CVSS Score**: 9.8
- **Severity**: CRITICAL
- **Published**: 2025-11-23
- **Last Modified**: 2025-11-26
- **CWE Type**: CWE-89

## 📝 Description

[Detailed vulnerability description]

## 🔗 References

1. [VulDB](https://vuldb.com/?id.333344)
2. [GitHub Issue](https://github.com/rassec2/dbcve/issues/6)

## 🌐 Official Links

- [NVD Details](https://nvd.nist.gov/vuln/detail/CVE-2025-13583)
- [CVE Record](https://cve.org/CVERecord?id=CVE-2025-13583)

2. search_cves

Search for CVE vulnerabilities by keyword.

Parameters:

keyword (required): Search keyword
limit (optional): Number of results to return (default: 10, max: 20)

Example:

Search for CVEs related to "SQL injection"
Search for "WordPress" vulnerabilities, limit to 5 results

Output Format:

# CVE Search Results: "SQL injection"

Found 10 related vulnerabilities

| CVE ID | Severity | CVSS | Published | Description |
|--------|----------|------|-----------|-------------|
| CVE-2025-13583 | CRITICAL | 9.8 | 2025-11-23 | A vulnerability has been found in code-projects... |
| CVE-2025-13582 | HIGH | 7.3 | 2025-11-23 | A vulnerability was found in code-projects... |

📋 Usage Examples

Using with Claude

Query Specific CVE:

Please help me query CVE-2025-13583 details

Search Vulnerabilities:

Search for recent SQL injection vulnerabilities

Search by Product:

Find WordPress-related CVE vulnerabilities

🔧 Technical Architecture

Data Sources

NVD API (Primary)
- Official REST API: https://services.nvd.nist.gov/rest/json/cves/2.0
- Provides structured JSON data
- Includes complete CVSS scores, CWE classifications, etc.
NVD Web (Fallback)
- Web scraping when API is unavailable
- Uses Cheerio for HTML parsing
- Extracts key vulnerability information

Core Dependencies

@modelcontextprotocol/sdk: MCP protocol implementation
axios: HTTP client
cheerio: HTML parser

📊 Data Format

CVE Details Object

{
  id: "CVE-2025-13583",
  description: "Vulnerability description...",
  cvssScore: 9.8,
  severity: "CRITICAL",
  published: "2025-11-23T10:15:03.000",
  lastModified: "2025-11-26T12:39:31.000",
  references: [
    {
      url: "https://example.com",
      source: "VulDB"
    }
  ],
  cweId: "CWE-89",
  source: "api" // or "web"
}

⚠️ Important Notes

API Rate Limits: NVD API has rate limits, please use responsibly
Network Requirements: Requires access to nvd.nist.gov
Data Freshness: CVE information is updated regularly, check for latest data
Format Validation: CVE ID must follow CVE-YYYY-NNNNN format

🐛 Troubleshooting

Common Issues

API Timeout
- Check network connection
- System will automatically switch to web scraping mode
CVE Not Found
- Verify CVE ID format is correct
- Check if CVE has been published to NVD
No Search Results
- Try using more general keywords
- Check spelling

📝 Development

Project Structure

nvd-cve-mcp-server/
├── src/
│   └── index.js          # Main server code
├── package.json          # Project configuration
└── README.md            # Documentation

Local Development

# Development mode (auto-restart)
npm run dev

# Production mode
npm start

🤝 Contributing

Issues and Pull Requests are welcome!

📄 License

MIT License

👥 Author

SOCTeam.AI

🔗 Related Links

Note: This tool is for security research and educational purposes only. Please comply with relevant laws, regulations, and ethical standards.

NVD CVE MCP Server

NVD CVE MCP Server

✨ Features

📦 Installation

Prerequisites

Quick Start with npx (Recommended)

Global Installation

Local Installation

🚀 Usage

1. Configure as MCP Server

2. Direct Execution

🛠️ Available Tools

1. get_cve_details

2. search_cves

📋 Usage Examples

Using with Claude

🔧 Technical Architecture

Data Sources

Core Dependencies

📊 Data Format

CVE Details Object

⚠️ Important Notes

🐛 Troubleshooting

Common Issues

📝 Development

Project Structure

Local Development

🤝 Contributing

📄 License

👥 Author

🔗 Related Links

Related Servers

DealX

Nomad Stays

MCP Time Server

WSB Analyst

ALMA_MCP

USA Spending MCP

Octagon VC Agents

Robust Long‑Term Memory

NebulaFinger MCP

Map Traveler