NVD CVE MCP Server

![npm version](https://www.npmjs.com/package/nvd-cve-mcp-server)
![License: MIT](https://opensource.org/licenses/MIT)

A Model Context Protocol (MCP) server for retrieving and displaying CVE vulnerability information from the National Vulnerability Database (NVD). Features dual data sources with NVD API and web scraping fallback.

✨ Features

- 🔍 CVE Details Lookup: Retrieve complete vulnerability information by CVE ID
- 🔎 Keyword Search: Search for CVE vulnerabilities by keywords
- 📊 Formatted Output: Display vulnerability information in elegant Markdown format
- 🔄 Dual Data Sources: API-first approach with web scraping as fallback
- 🌐 Multi-language Support: Full support for both English and Chinese

📦 Installation

$3

- Node.js >= 18.0.0
- npm or yarn

$3

No installation required! Use directly with npx:

``json { "mcpServers": { "nvd-cve": { "command": "npx", "args": ["-y", "nvd-cve-mcp-server"] } } }`

`$3`

`bash npm install -g nvd-cve-mcp-server`

`$3`

`bash npm install nvd-cve-mcp-server`

`🚀 Usage`

`$3`

Configure in Claude Desktop or other MCP-compatible applications:

macOS/Linux (~/Library/Application Support/Claude/claude_desktop_config.json):

`json { "mcpServers": { "nvd-cve": { "command": "npx", "args": ["-y", "nvd-cve-mcp-server"] } } }`

Windows (%APPDATA%\Claude\claude_desktop_config.json):

`json { "mcpServers": { "nvd-cve": { "command": "npx", "args": ["-y", "nvd-cve-mcp-server"] } } }`

`$3`

`bash npm start`

`🛠️ Available Tools`

`$3`

Retrieve detailed information for a specific CVE.

Parameters: -cve_id (required): CVE ID in format CVE-YYYY-NNNNN

Example:`Get details for CVE-2025-13583`

Output Format:`markdown

`CVE-2025-13583`

`📊 Basic Information`

- CVE ID: CVE-2025-13583 - CVSS Score: 9.8 - Severity: CRITICAL - Published: 2025-11-23 - Last Modified: 2025-11-26 - CWE Type: CWE-89

`📝 Description`

[Detailed vulnerability description]

`🔗 References`

1. VulDB 2. GitHub Issue

`🌐 Official Links`

- NVD Details - CVE Record`

`$3`

Search for CVE vulnerabilities by keyword.

Parameters: -keyword(required): Search keyword -limit (optional): Number of results to return (default: 10, max: 20)

Example:`Search for CVEs related to "SQL injection" Search for "WordPress" vulnerabilities, limit to 5 results`

Output Format:`markdown

`CVE Search Results: "SQL injection"`

Found 10 related vulnerabilities

| CVE ID | Severity | CVSS | Published | Description | |--------|----------|------|-----------|-------------| | CVE-2025-13583 | CRITICAL | 9.8 | 2025-11-23 | A vulnerability has been found in code-projects... | | CVE-2025-13582 | HIGH | 7.3 | 2025-11-23 | A vulnerability was found in code-projects... |`

`📋 Usage Examples`

`$3`

1. Query Specific CVE:`Please help me query CVE-2025-13583 details`

2. Search Vulnerabilities:`Search for recent SQL injection vulnerabilities`

3. Search by Product:`Find WordPress-related CVE vulnerabilities`

`🔧 Technical Architecture`

`$3`

1. NVD API (Primary) - Official REST API:https://services.nvd.nist.gov/rest/json/cves/2.0- Provides structured JSON data - Includes complete CVSS scores, CWE classifications, etc.

2. NVD Web (Fallback) - Web scraping when API is unavailable - Uses Cheerio for HTML parsing - Extracts key vulnerability information

`$3`

- @modelcontextprotocol/sdk: MCP protocol implementation -axios: HTTP client -cheerio: HTML parser

`📊 Data Format`

`$3`

`javascript { id: "CVE-2025-13583", description: "Vulnerability description...", cvssScore: 9.8, severity: "CRITICAL", published: "2025-11-23T10:15:03.000", lastModified: "2025-11-26T12:39:31.000", references: [ { url: "https://example.com", source: "VulDB" } ], cweId: "CWE-89", source: "api" // or "web" }`

`⚠️ Important Notes`

1. API Rate Limits: NVD API has rate limits, please use responsibly 2. Network Requirements: Requires access to nvd.nist.gov 3. Data Freshness: CVE information is updated regularly, check for latest data 4. Format Validation: CVE ID must follow CVE-YYYY-NNNNN format

`🐛 Troubleshooting`

`$3`

1. API Timeout - Check network connection - System will automatically switch to web scraping mode

2. CVE Not Found - Verify CVE ID format is correct - Check if CVE has been published to NVD

3. No Search Results - Try using more general keywords - Check spelling

`📝 Development`

`$3`

`nvd-cve-mcp-server/ ├── src/ │ └── index.js # Main server code ├── package.json # Project configuration └── README.md # Documentation`

`$3`

`bash

`Development mode (auto-restart)`


npm run dev
Production mode

npm start

🤝 Contributing

Issues and Pull Requests are welcome!

📄 License

MIT License

👥 Author

SOCTeam.AI

---

Note: This tool is for security research and educational purposes only. Please comply with relevant laws, regulations, and ethical standards.

NVD CVE MCP Server

![npm version](https://www.npmjs.com/package/nvd-cve-mcp-server)
![License: MIT](https://opensource.org/licenses/MIT)

✨ Features

📦 Installation

$3

- Node.js >= 18.0.0
- npm or yarn

$3

No installation required! Use directly with npx:

``json { "mcpServers": { "nvd-cve": { "command": "npx", "args": ["-y", "nvd-cve-mcp-server"] } } }`

`$3`

`bash npm install -g nvd-cve-mcp-server`

`$3`

`bash npm install nvd-cve-mcp-server`

`🚀 Usage`

`$3`

Configure in Claude Desktop or other MCP-compatible applications:

macOS/Linux (~/Library/Application Support/Claude/claude_desktop_config.json):

`json { "mcpServers": { "nvd-cve": { "command": "npx", "args": ["-y", "nvd-cve-mcp-server"] } } }`

Windows (%APPDATA%\Claude\claude_desktop_config.json):

`json { "mcpServers": { "nvd-cve": { "command": "npx", "args": ["-y", "nvd-cve-mcp-server"] } } }`

`$3`

`bash npm start`

`🛠️ Available Tools`

`$3`

Retrieve detailed information for a specific CVE.

Parameters: -cve_id (required): CVE ID in format CVE-YYYY-NNNNN

Example:`Get details for CVE-2025-13583`

Output Format:`markdown

`CVE-2025-13583`

`📊 Basic Information`

- CVE ID: CVE-2025-13583 - CVSS Score: 9.8 - Severity: CRITICAL - Published: 2025-11-23 - Last Modified: 2025-11-26 - CWE Type: CWE-89

`📝 Description`

[Detailed vulnerability description]

`🔗 References`

1. VulDB 2. GitHub Issue

`🌐 Official Links`

- NVD Details - CVE Record`

`$3`

Search for CVE vulnerabilities by keyword.

Parameters: -keyword(required): Search keyword -limit (optional): Number of results to return (default: 10, max: 20)

Example:`Search for CVEs related to "SQL injection" Search for "WordPress" vulnerabilities, limit to 5 results`

Output Format:`markdown

`CVE Search Results: "SQL injection"`

Found 10 related vulnerabilities

`📋 Usage Examples`

`$3`

1. Query Specific CVE:`Please help me query CVE-2025-13583 details`

2. Search Vulnerabilities:`Search for recent SQL injection vulnerabilities`

3. Search by Product:`Find WordPress-related CVE vulnerabilities`

`🔧 Technical Architecture`

`$3`

1. NVD API (Primary) - Official REST API:https://services.nvd.nist.gov/rest/json/cves/2.0- Provides structured JSON data - Includes complete CVSS scores, CWE classifications, etc.

2. NVD Web (Fallback) - Web scraping when API is unavailable - Uses Cheerio for HTML parsing - Extracts key vulnerability information

`$3`

- @modelcontextprotocol/sdk: MCP protocol implementation -axios: HTTP client -cheerio: HTML parser

`📊 Data Format`

`$3`

`⚠️ Important Notes`

`🐛 Troubleshooting`

`$3`

1. API Timeout - Check network connection - System will automatically switch to web scraping mode

2. CVE Not Found - Verify CVE ID format is correct - Check if CVE has been published to NVD

3. No Search Results - Try using more general keywords - Check spelling

`📝 Development`

`$3`

`nvd-cve-mcp-server/ ├── src/ │ └── index.js # Main server code ├── package.json # Project configuration └── README.md # Documentation`

`$3`

`bash

`Development mode (auto-restart)`


npm run dev
Production mode

npm start

🤝 Contributing

Issues and Pull Requests are welcome!

📄 License

MIT License

👥 Author

SOCTeam.AI

---

Note: This tool is for security research and educational purposes only. Please comply with relevant laws, regulations, and ethical standards.

nvd-cve-mcp-server

NVD CVE MCP Server

✨ Features

📦 Installation

$3

$3

$3

$3

🚀 Usage

$3

$3

🛠️ Available Tools

$3

CVE-2025-13583

📊 Basic Information

📝 Description

🔗 References

🌐 Official Links

$3

CVE Search Results: "SQL injection"

📋 Usage Examples

$3

🔧 Technical Architecture

$3

$3

📊 Data Format

$3

⚠️ Important Notes

🐛 Troubleshooting

$3

📝 Development

$3

$3

Development mode (auto-restart)

Production mode

🤝 Contributing

📄 License

👥 Author

🔗 Related Links

nvd-cve-mcp-server

NVD CVE MCP Server

✨ Features

📦 Installation

$3

$3

$3

$3

🚀 Usage

$3

$3

🛠️ Available Tools

$3

CVE-2025-13583

📊 Basic Information

📝 Description

🔗 References

🌐 Official Links

$3

CVE Search Results: "SQL injection"

📋 Usage Examples

$3

🔧 Technical Architecture

$3

$3

📊 Data Format

$3

⚠️ Important Notes

🐛 Troubleshooting

$3

📝 Development

$3

$3

Development mode (auto-restart)

Production mode

🤝 Contributing

📄 License

👥 Author

🔗 Related Links

`$3`

`$3`

`🚀 Usage`

`$3`

`$3`

`🛠️ Available Tools`

`$3`

`CVE-2025-13583`

`📊 Basic Information`

`📝 Description`

`🔗 References`

`🌐 Official Links`

`$3`

`CVE Search Results: "SQL injection"`

`📋 Usage Examples`

`$3`

`🔧 Technical Architecture`

`$3`

`$3`

`📊 Data Format`

`$3`

`⚠️ Important Notes`

`🐛 Troubleshooting`

`$3`

`📝 Development`

`$3`

`$3`

`Development mode (auto-restart)`

`$3`

`$3`

`🚀 Usage`

`$3`

`$3`

`🛠️ Available Tools`

`$3`

`CVE-2025-13583`

`📊 Basic Information`

`📝 Description`

`🔗 References`

`🌐 Official Links`

`$3`

`CVE Search Results: "SQL injection"`

`📋 Usage Examples`

`$3`

`🔧 Technical Architecture`

`$3`

`$3`

`📊 Data Format`

`$3`

`⚠️ Important Notes`

`🐛 Troubleshooting`

`$3`

`📝 Development`

`$3`

`$3`

`Development mode (auto-restart)`