Cybersecurity Vulnerability Intelligence MCP Server

Unified vulnerability intelligence from 4 government data sources in a single MCP server. Get enriched CVE lookups with CVSS scores, active exploitation status, exploitation probability, and ATT&CK techniques in one call.

Tools

vuln_lookup_cve — Enriched CVE Lookup

The killer feature. Look up any CVE and get intelligence from all 4 sources in a single call.

• Input: { cveId: "CVE-2021-44228" }
• Returns: NVD details + CVSS score + KEV exploitation status + EPSS probability + ATT&CK techniques

vuln_search — Search CVEs

Search the NVD by keyword, severity, and date range. Optionally filter to only actively exploited (KEV) vulnerabilities.

• Input: { keyword: "apache log4j", severity: "CRITICAL", hasKev: true, limit: 20 }

vuln_kev_latest — Recently Exploited Vulnerabilities

Get vulnerabilities recently added to CISA's Known Exploited Vulnerabilities catalog.

• Input: { days: 7, limit: 20 }

vuln_kev_due_soon — Upcoming Remediation Deadlines

Get KEV entries with remediation deadlines approaching. Critical for federal compliance.

• Input: { days: 14, limit: 20 }

vuln_epss_top — Highest Exploitation Probability

Get CVEs most likely to be exploited in the next 30 days based on EPSS machine learning model.

• Input: { threshold: 0.7, limit: 20 }

vuln_trending — Newly Published Critical CVEs

Get recently published high/critical severity CVEs from the NVD.

• Input: { days: 3, severity: "CRITICAL", limit: 20 }

vuln_by_vendor — Vendor Vulnerability Assessment

Search CVEs for a specific vendor/product. Cross-references with CISA KEV to flag actively exploited issues.

• Input: { vendor: "microsoft", product: "windows", limit: 20 }

Use Cases

• Vulnerability triage: Look up a CVE and instantly know if it's actively exploited, its EPSS score, and what ATT&CK techniques apply
• Patch prioritization: Combine KEV status + EPSS scores to prioritize remediation
• Compliance tracking: Monitor upcoming CISA KEV remediation deadlines
• Threat intelligence: Track trending CVEs and newly weaponized vulnerabilities
• Vendor risk assessment: Assess a vendor's vulnerability exposure and active exploitation status

Quick Start

Glama (hosted)

Install from Glama.ai.

Apify (hosted)

{
  "mcpServers": {
    "cybersecurity": {
      "url": "https://cybersecurity-vuln-mcp.apify.actor/mcp"
    }
  }
}

Claude Desktop / Claude Code

{
  "mcpServers": {
    "cybersecurity": {
      "command": "node",
      "args": ["path/to/servers/cybersecurity-vuln-mcp/dist/stdio.js"],
      "env": {
        "NVD_API_KEY": "your-key-here"
      }
    }
  }
}

Local (stdio)

git clone https://github.com/martc03/gov-mcp-servers.git
cd gov-mcp-servers/servers/cybersecurity-vuln-mcp
npm install && npm run build
node dist/stdio.js

Environment Variables

Caching

Architecture

• Protocol: MCP over stdio (Glama/local) or Streamable HTTP (Apify)
• Runtime: Node.js 18+, TypeScript
• Data: Direct API calls to free government data sources, zero cost
• Caching: In-memory with configurable TTLs

Other Servers in This Repo

This repository contains 13 MCP servers for US government data. See each server's README for details.

A REST API gateway with 45 endpoints is also available at govdata-api.netlify.app.

Attribution

• NVD: This product uses data from the NVD API but is not endorsed or certified by the NVD.
• EPSS: Data provided by FIRST.org (https://www.first.org/epss/).
• ATT&CK: Registered trademark of The MITRE Corporation. Licensed under Apache 2.0.
• KEV: CISA Known Exploited Vulnerabilities Catalog, US Government public domain.

Custom MCP Server Development

Need a custom MCP server for your business? Visit mcpdev.netlify.app or email codee.mcpdev@gmail.com.

License

MIT