nvd-mcp-server

nvd-mcp-server

1
security

The NVD MCP Server integrates the National Vulnerability Database with AI-powered development environments, enabling developers to query and receive real-time security data using natural language. It supports features like CVE lookups, keyword searches, and severity filtering, all from within an IDE.

NVD MCP Server

Stay ahead of security threats without breaking your flow. The NVD MCP Server is your gateway to the National Vulnerability Database (NVD), seamlessly integrated into AI-powered development environments like Windsurf. Ask questions in plain English, get real-time vulnerability data, and keep your code secure—all from within your IDE. Built on the Model Context Protocol (MCP), this server bridges conversational queries with the NVD's extensive security database, empowering developers to stay informed effortlessly.

Features

  • CVE Details Lookup: Ask "What's the scoop on CVE-2023-1234?" and get a detailed breakdown—description, CVSS score, severity, and more.
  • Keyword Search: Type "Find CVEs related to Apache" to uncover vulnerabilities tied to specific technologies or keywords.
  • Recent CVEs: Use "Show me the latest CVEs from the past week" to stay updated on newly reported vulnerabilities.
  • Severity Filtering: Filter with "List critical vulnerabilities" to zero in on the most urgent security risks.

Requirements

  • Python 3.8 or higher
  • Dependencies:
    • mcp
    • httpx
    • python-dotenv

Install them with: pip install mcp httpx python-dotenv

Installation

  1. Clone the repository:
cd nvd-mcp-server
  1. Set up a virtual environment:
source venv/bin/activate  # On Windows: venv\Scripts\activate
  1. Install dependencies:
  • pip install -r requirements.txt
  1. Configure your NVD API key:

Usage

  1. Launch the server:
  • python nvd_mcp.py --transport stdio
  1. Connect your client/IDE/agent to communicate with this MCP server.
  • Eg, if you're on Claude Desktop, go to Claude > Settings > Developer > Edit Config > claude_desktop_config.json to include the following:
{
  "mcpServers": {
    "nvd": {
      "command": "uv",
      "args": ["--directory", "/Path to nvd_mcp directory", "run", "nvd_mcp.py"]
    }
  }
}
  1. Query away with natural language:

  • "What's the deal with CVE-2023-1234?" Returns detailed CVE info, like description and severity.

  • "Any recent critical vulnerabilities?" Lists the latest CVEs with critical severity.

  • "Search for CVEs mentioning Apache." Shows vulnerabilities related to Apache.

Configuration

  • API Key: Store your NVD API key securely in keys.env as NVD_API_KEY=your_api_key_here.

  • Transport Mechanism:

    • Default: --transport stdio for local use.
    • For networked setups, use --transport http (ensure proper security, like HTTPS).

Contributing

We’d love your help to make this project even better!

Acknowledgments

  • Anthropic for the MCP framework.
  • NIST for maintaining the NVD.
  • You for checking out this project!

NVD MCP Server

Stars Issues

Stay ahead of security threats without breaking your flow...

Disclaimer

This is a third-party integration and not made by NIST. Made by Sockcymbal.