11 stars
TypeScript
Updated Oct 12, 2025
Documentation
MCP CVE Intelligence Server Lite
A streamlined Model Context Protocol (MCP) Server for cybersecurity intelligence, providing unified access to vulnerability data from multiple authoritative sources including NVD, MITRE, and GitHub Security Advisories. This Lite version focuses on core CVE intelligence capabilities with essential features for security professionals.
🚀 Overview
The MCP CVE Intelligence Server Lite is a streamlined Model Context Protocol (MCP) Server designed for security professionals, penetration testers, and cybersecurity researchers who need essential vulnerability intelligence integrated into their AI workflows. This Lite edition focuses on core features, aggregating data from multiple authoritative sources and delivering actionable security insights through standardized protocols.
Status: Lite edition with core CVE intelligence features and streamlined functionality.
Key Features (Lite Edition)
- 🔍 Multi-Source CVE Intelligence: Unified access to NVD, MITRE CVE Records, and GitHub Security Advisories
- 🎯 Essential Exploit Discovery: Pattern-based detection from Exploit-DB, GitHub PoCs, Metasploit, and PacketStorm
- 🧮 EPSS Risk Scoring: Environmental context-aware vulnerability prioritization with exploit prediction
- 📊 Complete CVSS Support: Full v4/v3/v2 metric analysis with intelligent severity assessment
- 🔧 CPE-Based Discovery: Product-specific vulnerability identification using standardized identifiers
- 📈 Trending Analysis: Real-time vulnerability trending based on severity, exploits, and activity
- 📋 Professional Reports: Generate security reports in multiple formats (Markdown, JSON, summary)
- ⚡ Performance Optimized: Intelligent caching, retry logic, and streamlined processing
- 🛡️ Security-First: Type-safe implementation with comprehensive input validation and sanitization
- 🚦 Rate Limiting: Intelligent request throttling with source-specific limits
- 📊 Health Monitoring: Real-time source availability and performance tracking
🛠️ Installation
Prerequisites
- Node.js: 20.0.0 or higher
- npm: Comes with Node.js
Quick Start
bash
# Clone the repository
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite
# Install dependencies
npm install
# Build the project
npm run build
# Start the server
npm startDocker Deployment
Using Pre-built Image (Recommended)
bash
# Pull and run the latest image from Docker Hub
docker run -d \
--name mcp-cve-server \
-p 13001:3001 \
-e MCP_TRANSPORT_TYPE=http \
-e MCP_HTTP_PORT=3001 \
-e MCP_HTTP_HOST=0.0.0.0 \
proug/mcp-cve-intelligence-server-lite:latest
# Server will be available at http://localhost:13001
# Health check: http://localhost:13001/healthUsing Docker Compose
bash
# Using the provided Docker setup
chmod +x docker-run.sh
./docker-run.sh up
# Server will be available at http://localhost:13001
# Health check: http://localhost:13001/healthBuilding from Source
bash
# Build locally if you want to customize
docker build -t mcp-cve-intelligence-server-lite:local .
docker run -d -p 13001:3001 mcp-cve-intelligence-server-lite:local📋 **For advanced Docker configuration, customization, and deployment options, see docs/DOCKER.md**
MCP Client Setup
To use this server with MCP-compatible clients, install via NPM and configure:
bash
# Quick install from NPM
npx @proug/mcp-cve-intelligence-server-lite@latest --helpVS Code Configuration:
json
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"]
}
}
}📋 **For complete MCP client configuration (VS Code, Claude Desktop, etc.), see the Configuration section below.**
📖 Usage
MCP Tools Available (Lite Edition)
The server provides 7 essential tools for comprehensive CVE intelligence and security analysis:
1. searchCves - Advanced CVE Search & Discovery
Search for vulnerabilities using flexible criteria with intelligent filtering:
json
{
"keyword": "apache log4j",
"severity": "CRITICAL",
"hasExploit": true,
"dateStart": "2021-01-01",
"dateEnd": "2024-12-31",
"limit": 50,
"source": "nvd"
}Advanced Examples:
json
// Search for recent RCE vulnerabilities
{
"keyword": "remote code execution",
"severity": "HIGH,CRITICAL",
"dateStart": "2024-01-01",
"hasExploit": true,
"limit": 100
}
// Find Windows privilege escalation issues
{
"keyword": "windows privilege escalation",
"severity": "MEDIUM,HIGH,CRITICAL",
"limit": 25
}2. getCveDetails - Comprehensive CVE Intelligence
Retrieve detailed vulnerability information with exploit analysis:
json
{
"cveId": "CVE-2021-44228",
"includeExploits": true,
"includeReferences": true
}Response includes:
- Complete CVSS v4/v3/v2 metrics and scoring
- CWE classifications and weakness analysis
- Affected products with CPE identifiers
- Known exploits from multiple sources
- EPSS risk scores and probability
- Vendor advisories and patches
3. getTrendingCves - Real-Time Vulnerability Intelligence
Discover currently trending vulnerabilities based on activity and severity:
json
{
"limit": 25,
"timeframe": "7d",
"minSeverity": "MEDIUM"
}Trending Analysis:
- Recently disclosed high-impact vulnerabilities
- CVEs with increasing exploit activity
- Vulnerabilities gaining security community attention
- Active discussions and proof-of-concepts
4. calculateEpssScores - Environmental Risk Assessment
Calculate context-aware EPSS scores for vulnerability prioritization:
json
{
"cveIds": ["CVE-2021-44228", "CVE-2022-22965", "CVE-2023-23397"],
"environmentContext": {
"networkExposure": "internet-facing",
"assetCriticality": "critical",
"securityControls": ["waf", "ids", "edr"],
"patchingCapability": "rapid"
}
}Environment Contexts:
networkExposure: "internal", "dmz", "internet-facing"assetCriticality: "low", "medium", "high", "critical"securityControls: Array of deployed security measurespatchingCapability: "limited", "standard", "rapid"
5. generateCveReport - Professional Security Reports
Generate comprehensive vulnerability reports in multiple formats:
json
{
"cveIds": ["CVE-2021-44228", "CVE-2022-22965"],
"format": "markdown",
"includeExploits": true,
"includeMetrics": true,
"includeMitigation": true
}Report Formats:
markdown: Professional markdown reportsjson: Structured data for automationsummary: Executive summary format
Report Sections:
- Executive summary with risk assessment
- Detailed vulnerability analysis
- Exploit availability and complexity
- Recommended mitigation strategies
- CVSS metrics and environmental scoring
6. searchByCpe - Product-Specific Vulnerability Discovery
Find vulnerabilities affecting specific products using CPE identifiers:
json
{
"cpe": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"severity": "HIGH,CRITICAL",
"hasExploit": true,
"limit": 50
}CPE Examples:
json
// Search for all Apache products
{
"cpe": "cpe:2.3:a:apache:*:*:*:*:*:*:*:*:*",
"severity": "CRITICAL"
}
// Windows Server vulnerabilities
{
"cpe": "cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*",
"hasExploit": true
}
// Specific version targeting
{
"cpe": "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*",
"includeExploits": true
}7. getSourceHealth - Data Source Monitoring
Monitor the health and availability of CVE data sources:
json
{
"includeMetrics": true,
"includeLastUpdated": true
}Health Metrics:
- Source availability status
- Response times and performance
- Last successful data update
- API rate limit status
- Error rates and reliability
Command Line Interface
The server includes a comprehensive CLI for production deployment and testing:
Quick Start Commands
bash
# Quick start with HTTP transport
npm start -- quick-start --port 3001
# Start with stdio transport (default MCP)
npm start -- --transport stdio
# Start with custom configuration
npm start -- --transport http --port 3001 --log-level debugConfiguration Management
bash
# Show current configuration and environment
npm start -- configHealth Monitoring & Testing
bash
# Basic health check via HTTP endpoint
curl http://localhost:3001/health
# Test via MCP tools
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'Docker Integration
bash
# Generate Docker commands and deployment info
npm start -- docker --port 3001Advanced Options
bash
# Custom transport and networking
npm start -- --transport http --port 3001 --host 0.0.0.0
# Set log level for debugging
npm start -- --transport http --log-level debug
# Help and available commands
npm start -- --helpPractical Usage Examples
Scenario 1: Security Assessment Workflow
bash
# 1. Start the server for assessment
npm start -- quick-start --port 3001
# 2. Check source health
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'
# 3. Search for critical vulnerabilities in your stack
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "searchByCpe", "arguments": {"cpe": "cpe:2.3:a:apache:*:*:*:*:*:*:*:*:*", "severity": "CRITICAL"}}}'
# 4. Generate assessment report
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "generateCveReport", "arguments": {"cveIds": ["CVE-2021-44228"], "format": "markdown", "includeExploits": true}}}'Scenario 2: Threat Intelligence Research
bash
# 1. Find trending vulnerabilities
npm start -- --transport http --port 3001
# 2. Research specific CVE with exploits
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "getCveDetails", "arguments": {"cveId": "CVE-2024-12345", "includeExploits": true}}}'
# 3. Calculate environmental risk
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "calculateEpssScores", "arguments": {"cveIds": ["CVE-2024-12345"], "environmentContext": {"networkExposure": "internet-facing", "assetCriticality": "critical"}}}}'Scenario 3: Penetration Testing Preparation
bash
# Search for exploitable vulnerabilities in target technology
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "windows server 2019", "hasExploit": true, "severity": "HIGH,CRITICAL", "limit": 50}}}'
# Find recent RCE vulnerabilities
curl -X POST http://localhost:3001/mcp \
-H "Content-Type: application/json" \
-d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "remote code execution", "dateStart": "2024-01-01", "hasExploit": true}}}'Configuration
Configure the server using environment variables or .env file:
MCP Client Configuration
To use this server with MCP-compatible clients (VS Code, Claude Desktop, etc.), you need to configure the client to connect to this server.
For VS Code:
Create a .vscode/mcp.json file in your workspace:
json
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"]
}
}
}Or for global configuration, run MCP: Open User Configuration in VS Code and add:
json
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"],
"env": {
"NVD_API_KEY": "${input:nvd-api-key}",
"GITHUB_TOKEN": "${input:github-token}"
}
}
},
"inputs": [
{
"type": "promptString",
"id": "nvd-api-key",
"description": "NVD API Key (optional)",
"password": true
},
{
"type": "promptString",
"id": "github-token",
"description": "GitHub Personal Access Token (optional)",
"password": true
}
]
}For Claude Desktop:
Add to your Claude Desktop configuration file (~/Library/Application Support/Claude/config.json on macOS):
json
{
"mcpServers": {
"cve-intelligence": {
"command": "npx",
"args": ["-y", "mcp-cve-intelligence-server-lite@latest"],
"env": {
"NVD_API_KEY": "your-optional-nvd-api-key",
"GITHUB_TOKEN": "your-optional-github-token"
}
}
}
}For Docker Containers:
You can run the MCP server in a Docker container for enhanced security and isolation:
*VS Code Configuration (STDIO Transport):*
json
{
"servers": {
"cve-intelligence": {
"type": "stdio",
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"proug/mcp-cve-intelligence-server-lite:latest"
]
}
}
}*VS Code Configuration (HTTP Transport):*
json
{
"servers": {
"cve-intelligence": {
"url": "http://localhost:3001/mcp"
}
}
}*Claude Desktop Configuration (STDIO Transport):*
json
{
"mcpServers": {
"cve-intelligence": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"proug/mcp-cve-intelligence-server-lite:latest"
],
"env": {
"NVD_API_KEY": "your-optional-nvd-api-key",
"GITHUB_TOKEN": "your-optional-github-token"
}
}
}
}*Claude Desktop Configuration (HTTP Transport):*
json
{
"mcpServers": {
"cve-intelligence": {
"command": "docker",
"args": [
"run",
"-d",
"--rm",
"-p", "3001:3001",
"-e", "MCP_TRANSPORT_TYPE=http",
"-e", "MCP_HTTP_PORT=3001",
"-e", "MCP_HTTP_HOST=0.0.0.0",
"-e", "NVD_API_KEY=your-optional-nvd-api-key",
"-e", "GITHUB_TOKEN=your-optional-github-token",
"proug/mcp-cve-intelligence-server-lite:latest"
]
}
}
}*Docker Compose (Production Ready):*
Use the provided docker-compose.yml for production deployments:
bash
# Start with HTTP transport on port 13001
./docker-run.sh up
# Server available at: http://localhost:13001
# Health check: http://localhost:13001/health/liveNote: When using Docker, the MCP server runs in an isolated container. The Docker image is available from Docker Hub:
```bash
# Pull the latest image
docker pull proug/mcp-cve-intelligence-server-lite:latest
# Or build locally from source:
docker build -t mcp-cve-intelligence-server-lite:local .
```
For Custom Implementations:
Start the server in stdio mode and connect via standard input/output:
bash
# Start server in stdio mode (default)
npx mcp-cve-intelligence-server-lite
# Or start in HTTP mode
npx mcp-cve-intelligence-server-lite --transport http --port 3001Basic Configuration
bash
# Core server settings
export MCP_HTTP_PORT="3001"
export MCP_TRANSPORT="http" # or "stdio"
export LOG_LEVEL="info" # debug, info, warn, error
export NODE_ENV="production" # development, production, testAPI Authentication (Enhanced Functionality)
bash
# NVD API (NIST) - Higher rate limits
export NVD_API_KEY="your-nvd-api-key"
# GitHub API - Higher rate limits for security advisories
export GITHUB_TOKEN="your-github-personal-access-token"
# MITRE CVE Program - Requires CVE Program membership
export MITRE_API_KEY="your-mitre-api-key"
export MITRE_API_ORG="your-organization-name"
export MITRE_API_USER="your-username"Security Note: API keys and tokens are only accepted via environment variables for security reasons. They cannot be provided via CLI arguments.
Advanced Configuration
bash
# Rate limiting and performance
export CVE_CACHE_TTL="1800" # Cache TTL in seconds
export CVE_CACHE_MAX_SIZE="1000" # Maximum cache entries
export CVE_REQUEST_TIMEOUT="30000" # Request timeout in ms
export CVE_RETRY_ATTEMPTS="3" # Retry attempts for failed requests
# Security settings
export CVE_CORS_ORIGIN="*" # CORS allowed origins
export CVE_API_KEY_REQUIRED="false" # Require API key for access
export CVE_RATE_LIMIT="100" # Requests per window
export CVE_RATE_WINDOW="3600" # Rate limit window in seconds
# Logging and monitoring
export LOG_FILE_PATH="/app/logs" # Log file directory
export LOG_MAX_FILES="30" # Maximum log files to keep
export LOG_MAX_SIZE="100mb" # Maximum log file size
export METRICS_ENABLED="true" # Enable performance metricsEnvironment File Example
Create a .env file in your project root:
env
# .env file for MCP CVE Intelligence Server Lite
NODE_ENV=development
MCP_HTTP_PORT=3001
LOG_LEVEL=debug
# API Keys (optional but recommended)
NVD_API_KEY=your-nvd-api-key-here
GITHUB_TOKEN=ghp_your-github-token-here
# Performance tuning
CVE_CACHE_TTL=3600
CVE_REQUEST_TIMEOUT=30000
CVE_RETRY_ATTEMPTS=3
# Security
CVE_CORS_ORIGIN=http://localhost:3000,https://yourdomain.com
CVE_RATE_LIMIT=200
CVE_RATE_WINDOW=3600Docker Environment Configuration
yaml
# docker-compose.yml environment section
environment:
- NODE_ENV=production
- MCP_HTTP_PORT=3001
- LOG_LEVEL=info
- NVD_API_KEY=${NVD_API_KEY}
- GITHUB_TOKEN=${GITHUB_TOKEN}
- CVE_CACHE_TTL=1800
- CVE_RATE_LIMIT=100Authentication Details
| Source | Authentication | Required For | Setup |
|---|---|---|---|
| NVD | Optional API key | Higher rate limits | NVD_API_KEY |
| GitHub | Optional token | Higher rate limits | GITHUB_TOKEN |
| MITRE | CVE Program membership | Search functionality | MITRE_API_KEY, MITRE_API_ORG, MITRE_API_USER |
Note: MITRE search requires CVE Program membership with Secretariat role. Individual CVE lookups work without authentication.
📋 **For Docker-specific configuration and deployment options, see docs/DOCKER.md**
🏗️ Architecture (Lite Edition)
Core Components
- CVE Service: Central intelligence engine for vulnerability analysis
- Source Manager: Manages multiple CVE data sources with failover
- Transport Manager: Handles both STDIO and HTTP transport protocols
- Health Service: Monitors data source availability and performance
- Exploit Intelligence: Pattern-based exploit discovery and classification
Data Sources (Lite Configuration)
| Source | Purpose | Features | Authentication |
|---|---|---|---|
| NVD (NIST) | Primary CVE database | CVSS metrics, CPE matching, essential search | Optional (API key) |
| MITRE | Authoritative CVE records | Official assignments, CWE mappings, CVE JSON 5.1 | CVE Program membership |
| GitHub Security | Modern vulnerability advisories | GHSA identifiers, ecosystem-specific data | Optional (token) |
Exploit Sources (Lite Pattern Detection)
- Exploit-DB: Verified exploits with detailed documentation and proof-of-concepts
- GitHub PoCs: Cutting-edge research and proof-of-concept repositories
- Metasploit Framework: Professional penetration testing modules and exploits
- PacketStorm Security: Curated security exploits and security advisories
🔧 Development
Quick Development Setup
bash
# Clone and setup
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite
npm install
# Build and run
npm run build
npm start📋 **For detailed development workflow, debugging, testing procedures, and contribution guidelines, see CONTRIBUTING.md**
📊 Performance Features (Lite Edition)
- Essential Caching: Smart caching reduces API calls and improves response times
- Streamlined Processing: Optimized source queries for faster results
- Retry Logic: Exponential backoff with circuit breaker for reliable API communication
- Request Optimization: Prevents duplicate API calls within time windows
- Performance Monitoring: Built-in timing, metrics collection, and health checks
- Connection Management: Efficient HTTP connection handling
- Rate Limiting: Source-specific throttling respecting API limits and quotas
🔒 Security Considerations
- Input Validation: Comprehensive Zod schema validation for all inputs
- Sanitization: Multi-layer input sanitization preventing injection attacks
- Rate Limiting: Request throttling with client identification and blocking
- Error Handling: Secure error messages without sensitive data exposure
- Type Safety: Strict TypeScript implementation preventing runtime errors
- API Key Management: Secure environment variable handling with validation
- Transport Security: HTTPS enforcement and secure headers
- Session Management: Secure session handling for HTTP transport
🌟 Use Cases (Lite Edition)
For Security Professionals
- Vulnerability Assessment: Essential CVE research and analysis
- Threat Intelligence: Real-time vulnerability trending and prioritization
- Penetration Testing: Exploit discovery and pattern analysis
- Compliance Reporting: Professional vulnerability reports
For AI/LLM Integration
- Context-Aware Security: Provide vulnerability context to AI models
- Automated Research: Enable AI-driven security research workflows
- Intelligent Prioritization: AI-assisted vulnerability triage
- Report Generation: Automated security documentation
🤝 Contributing
We welcome contributions! Please see our Contributing Guide for details on:
- Setting up the development environment
- Code style guidelines
- Submitting pull requests
- Reporting bugs and feature requests
🛡️ Security
This project follows security best practices:
- Responsible Disclosure: See our Security Policy for reporting vulnerabilities
- Secure Development: All releases go through automated security scanning and approval processes
- Access Control: Repository access is restricted to verified maintainers
- Audit Trail: All production deployments are tracked and require approval
For security concerns, please see our Security Policy.
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙋♂️ Support
- GitHub Issues: Report bugs or request features
- GitHub Discussions: Community discussions and questions
- Documentation: Check the inline code documentation for API details
🏆 Credits
- NIST NVD: Primary vulnerability database
- MITRE Corporation: CVE numbering authority
- GitHub Security: Modern security advisory platform
- Model Context Protocol: AI integration framework
---
Built with ❤️ for the cybersecurity community
MCP CVE Intelligence Server Lite - Essential CVE intelligence for security professionals
Similar MCP
Based on tags & features
Trending MCP
Most active this week