CVE Security Intelligence

v1.0.0Securitystable

Production-grade MCP server giving Claude 27 security intelligence tools across 21 APIs — CVE lookup, EPSS scoring, CISA KEV, MITRE ATT&CK, Shodan, VirusTotal, and more.

cisa-kevclaude-aicvecybersecuritydevsecops
Share:
570
Stars
0
Downloads
0
Weekly
0/5

What is CVE Security Intelligence?

CVE Security Intelligence is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to production-grade mcp server giving claude 27 security intelligence tools across 21 apis — cve lookup, epss scoring, cisa kev, mitre att&ck, shodan, virustotal, and more.

Production-grade MCP server giving Claude 27 security intelligence tools across 21 APIs — CVE lookup, EPSS scoring, CISA KEV, MITRE ATT&CK, Shodan, VirusTotal, and more.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Production-grade MCP server giving Claude 27 security intell

Use Cases

Production-grade security analysis
27 tools across 21 vulnerability APIs
MITRE ATT&CK and Shodan integration
mukul975

Maintainer

LicenseApache-2.0
Languagepython
Versionv1.0.0
UpdatedMay 21, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx cve

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use CVE Security Intelligence

This CVE Security Intelligence MCP server exposes 27 production-grade security tools to Claude, drawing on 21 APIs including NVD, EPSS, CISA KEV, MITRE ATT&CK, Shodan, VirusTotal, AbuseIPDB, and GreyNoise. It covers the full vulnerability lifecycle — from CVE lookup and CVSS parsing to composite risk scoring, exploit intelligence, IP reputation, dependency scanning, and ransomware tracking. Security analysts and DevSecOps engineers use it to consolidate multi-source threat intelligence into a single conversational interface without manually querying each platform.

Prerequisites

  • Python 3.9+ with pip and venv support
  • Git to clone the repository from github.com/mukul975/cve-mcp-server
  • NVD API key (free at nvd.nist.gov) — eight tools work with no keys at all
  • Optional: GitHub token, VirusTotal key, Shodan key, AbuseIPDB key, GreyNoise key
  • Claude Desktop or another MCP-compatible client
1

Clone and enter the repository

Download the server source code from GitHub.

git clone https://github.com/mukul975/cve-mcp-server.git
cd cve-mcp-server
2

Set up a Python virtual environment

Create an isolated environment so the server's dependencies don't conflict with other Python projects on your system.

python -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate
3

Install dependencies

Install the package and all required libraries.

pip install -e .
4

Gather API keys

For full access to all 27 tools, register for free API keys: NVD (nvd.nist.gov), GitHub (github.com/settings/tokens), VirusTotal (virustotal.com), Shodan (shodan.io), AbuseIPDB (abuseipdb.com), and GreyNoise (greynoise.io). All have free tiers.

5

Add configuration to Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%/Claude/claude_desktop_config.json (Windows) and add the server block with your API keys and the absolute path to the repository.

{
  "mcpServers": {
    "cve-mcp": {
      "command": "python",
      "args": ["-m", "cve_mcp.server"],
      "cwd": "/absolute/path/to/cve-mcp-server",
      "env": {
        "NVD_API_KEY": "your-nvd-api-key",
        "GITHUB_TOKEN": "ghp_xxxxxxxxxxxxxxxxxxxx",
        "VIRUSTOTAL_KEY": "your-virustotal-key",
        "ABUSEIPDB_KEY": "your-abuseipdb-key",
        "GREYNOISE_API_KEY": "your-greynoise-key",
        "SHODAN_KEY": "your-shodan-key"
      }
    }
  }
}
6

Restart Claude Desktop

Fully quit and relaunch Claude Desktop so it loads the new MCP server. The CVE security tools should now appear in Claude's available tool set.

CVE Security Intelligence Examples

Client configuration

Claude Desktop JSON configuration block for the CVE Security Intelligence server.

{
  "mcpServers": {
    "cve-mcp": {
      "command": "python",
      "args": ["-m", "cve_mcp.server"],
      "cwd": "/absolute/path/to/cve-mcp-server",
      "env": {
        "NVD_API_KEY": "your-nvd-api-key",
        "GITHUB_TOKEN": "ghp_xxxxxxxxxxxxxxxxxxxx",
        "VIRUSTOTAL_KEY": "your-virustotal-key",
        "SHODAN_KEY": "your-shodan-key"
      }
    }
  }
}

Prompts to try

Real prompts that exercise the 27 security intelligence tools in this server.

- "Look up CVE-2024-3094 and give me the EPSS score, KEV status, and any public PoC exploits"
- "Calculate composite risk scores for CVE-2023-44487 and CVE-2024-21762 and tell me which to patch first"
- "Scan this IP 185.220.101.5 for abuse history, GreyNoise classification, and Shodan open ports"
- "Check if any of these packages have known CVEs: [email protected], [email protected], [email protected]"
- "Get trending CVEs this week and map them to MITRE ATT&CK techniques"

Troubleshooting CVE Security Intelligence

Server fails to start with 'ModuleNotFoundError: No module named cve_mcp'

Make sure you ran 'pip install -e .' inside the virtual environment from the repository root. Also verify that the 'cwd' field in the config points to the exact directory where you cloned the repository.

Rate limit errors from NVD when running multiple CVE queries

Without NVD_API_KEY you are limited to 5 requests per 30 seconds. Register for a free key at nvd.nist.gov/developers/request-an-api-key and add it to the env section — this increases the limit to 50 per 30 seconds.

IP intelligence tools return no data

Shodan, AbuseIPDB, and GreyNoise tools each require their own API key (SHODAN_KEY, ABUSEIPDB_KEY, GREYNOISE_API_KEY). Register at their respective websites — all have free community tiers — and add the keys to the env block in your config.

Frequently Asked Questions about CVE Security Intelligence

What is CVE Security Intelligence?

CVE Security Intelligence is a Model Context Protocol (MCP) server that production-grade mcp server giving claude 27 security intelligence tools across 21 apis — cve lookup, epss scoring, cisa kev, mitre att&ck, shodan, virustotal, and more. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install CVE Security Intelligence?

Follow the installation instructions on the CVE Security Intelligence GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with CVE Security Intelligence?

CVE Security Intelligence works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is CVE Security Intelligence free to use?

Yes, CVE Security Intelligence is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.

CVE Security Intelligence Alternatives — Similar Security Servers

Looking for alternatives to CVE Security Intelligence? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "cve": { "command": "npx", "args": ["-y", "cve"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use CVE Security Intelligence?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides