Cybersecurity Vulnerability Intelligence MCP Server
Unified vulnerability intelligence from 4 government data sources in a single MCP server. Get enriched CVE lookups with CVSS scores, active exploitation status, exploitation probability, and ATT&CK techniques in one call.
| Source | What It Provides | Update Frequency |
|---|---|---|
| NIST NVD 2.0 | CVE details, CVSS scores, descriptions, references, CWE classifications | Continuous |
| CISA KEV | Actively exploited vulnerabilities catalog, remediation deadlines | Daily |
| FIRST.org EPSS | Exploitation probability scores (0-1) predicting likelihood of exploitation in next 30 days | Daily |
| MITRE ATT&CK | Adversary techniques mapped to CVEs | Quarterly |
Tools
vuln_lookup_cve — Enriched CVE Lookup
The killer feature. Look up any CVE and get intelligence from all 4 sources in a single call.
- Input:
{ cveId: "CVE-2021-44228" } - Returns: NVD details + CVSS score + KEV exploitation status + EPSS probability + ATT&CK techniques
vuln_search — Search CVEs
Search the NVD by keyword, severity, and date range. Optionally filter to only actively exploited (KEV) vulnerabilities.
- Input:
{ keyword: "apache log4j", severity: "CRITICAL", hasKev: true, limit: 20 }
vuln_kev_latest — Recently Exploited Vulnerabilities
Get vulnerabilities recently added to CISA's Known Exploited Vulnerabilities catalog.
- Input:
{ days: 7, limit: 20 }
vuln_kev_due_soon — Upcoming Remediation Deadlines
Get KEV entries with remediation deadlines approaching. Critical for federal compliance.
- Input:
{ days: 14, limit: 20 }
vuln_epss_top — Highest Exploitation Probability
Get CVEs most likely to be exploited in the next 30 days based on EPSS machine learning model.
- Input:
{ threshold: 0.7, limit: 20 }
vuln_trending — Newly Published Critical CVEs
Get recently published high/critical severity CVEs from the NVD.
- Input:
{ days: 3, severity: "CRITICAL", limit: 20 }
vuln_by_vendor — Vendor Vulnerability Assessment
Search CVEs for a specific vendor/product. Cross-references with CISA KEV to flag actively exploited issues.
- Input:
{ vendor: "microsoft", product: "windows", limit: 20 }
Use Cases
- Vulnerability triage: Look up a CVE and instantly know if it's actively exploited, its EPSS score, and what ATT&CK techniques apply
- Patch prioritization: Combine KEV status + EPSS scores to prioritize remediation
- Compliance tracking: Monitor upcoming CISA KEV remediation deadlines
- Threat intelligence: Track trending CVEs and newly weaponized vulnerabilities
- Vendor risk assessment: Assess a vendor's vulnerability exposure and active exploitation status
Quick Start
Glama (hosted)
Install from Glama.ai.
Apify (hosted)
{
"mcpServers": {
"cybersecurity": {
"url": "https://cybersecurity-vuln-mcp.apify.actor/mcp"
}
}
}
Claude Desktop / Claude Code
{
"mcpServers": {
"cybersecurity": {
"command": "node",
"args": ["path/to/servers/cybersecurity-vuln-mcp/dist/stdio.js"],
"env": {
"NVD_API_KEY": "your-key-here"
}
}
}
}
Local (stdio)
git clone https://github.com/martc03/gov-mcp-servers.git
cd gov-mcp-servers/servers/cybersecurity-vuln-mcp
npm install && npm run build
node dist/stdio.js
Environment Variables
| Variable | Required | Description |
|---|---|---|
NVD_API_KEY | No | NVD API key for higher rate limits (50 req/30s vs 5 req/30s). Register here. |
Caching
| Data Source | TTL | Notes |
|---|---|---|
| NVD CVE lookups | 1 hour | Per-CVE |
| CISA KEV catalog | 2 hours | Full catalog |
| EPSS scores | 24 hours | Per-CVE |
| ATT&CK mappings | Static | Bundled with server |
Architecture
- Protocol: MCP over stdio (Glama/local) or Streamable HTTP (Apify)
- Runtime: Node.js 18+, TypeScript
- Data: Direct API calls to free government data sources, zero cost
- Caching: In-memory with configurable TTLs
Other Servers in This Repo
This repository contains 13 MCP servers for US government data. See each server's README for details.
| Server | Tools | Data Sources |
|---|---|---|
| us-safety-recalls-mcp | 4 | NHTSA recalls, FDA recalls |
| natural-disaster-intel-mcp | 4 | FEMA disasters, NOAA weather, USGS earthquakes |
| federal-financial-intel-mcp | 4 | SEC EDGAR, CFPB complaints, BLS employment |
| immigration-travel-mcp | 3 | Visa bulletins, border wait times |
| environmental-compliance-mcp | 3 | EPA air quality, HUD foreclosures |
| gov-contracts-mcp | 4 | SAM.gov contracts, USAspending |
| court-records-mcp | 4 | PACER, federal court records |
| public-health-mcp | 4 | NIH clinical trials, FDA adverse events |
| business-entity-mcp | 4 | SEC company search, SBA resources |
| regulatory-monitor-mcp | 4 | Federal Register, regulations.gov |
| grant-finder-mcp | 4 | Grants.gov, USAspending |
| competitive-intel-mcp | 4 | SEC filings, patent data, trade data |
A REST API gateway with 45 endpoints is also available at govdata-api.netlify.app.
Attribution
- NVD: This product uses data from the NVD API but is not endorsed or certified by the NVD.
- EPSS: Data provided by FIRST.org (https://www.first.org/epss/).
- ATT&CK: Registered trademark of The MITRE Corporation. Licensed under Apache 2.0.
- KEV: CISA Known Exploited Vulnerabilities Catalog, US Government public domain.
Custom MCP Server Development
Need a custom MCP server for your business? Visit mcpdev.netlify.app or email codee.mcpdev@gmail.com.
License
MIT