CVE-Search MCP: Instant CVE Lookup & Real-Time Threat Tracking

What is CVE-Search MCP: Instant CVE Lookup & Real-Time Threat Tracking?

CVE-Search MCP is a Model Context Protocol (MCP) server designed to simplify access to the CVE-Search API. It acts as a bridge for developers and security teams to quickly retrieve CVE details, track emerging threats, and integrate vulnerability data into workflows. By leveraging MCP, users can efficiently query critical information like vendor/product listings, specific CVE entries, and real-time updates without diving into complex API interactions.

How to use CVE-Search MCP: Instant CVE Lookup & Real-Time Threat Tracking?

Getting started is straightforward:

1. Clone the repository:
   git clone https://github.com/roadwy/cve-search_mcp.git
2. Install dependencies:
   Navigate to the project folder and run uv sync to set up required tools like Python 3.10+ and MCP clients (e.g., Cline/Roo Code).
3. Configure your MCP client:
   Update the `command` and `args` fields in your editor’s config file to point to the server’s directory. For example:

"cve-search_mcp": {
  "command": "uv",
  "args": ["--directory", "YOUR_DIR_PATH", "run", "main.py"],
  "disabled": false
}

Key Features of CVE-Search MCP: Instant CVE Lookup & Real-Time Threat Tracking?

• Vendor/Product Discovery: Fetch comprehensive JSON listings of all vendors and their associated products.
• Targeted Vulnerability Queries: Retrieve CVE data by ID, vendor, or specific product, with detailed CAPEC/CWE/CPE mappings.
• Real-Time Updates: Get the latest 30 CVE entries automatically, ensuring you’re always aware of emerging threats.
• Database Insights: Check metadata about the underlying CVE-Search databases, including last update timestamps.

Use cases of CVE-Search MCP: Instant CVE Lookup & Real-Time Threat Tracking?

Whether you’re a security analyst, developer, or auditor, this tool adapts to your needs:

• Threat Monitoring: Set up alerts for new CVEs affecting your organization’s tech stack.
• Code Integration: Embed CVE checks directly into CI/CD pipelines or IDEs for proactive risk mitigation.
• Audit Reporting: Quickly generate compliance reports by pulling standardized vulnerability data.
• Red Team Exercises: Simulate attacks using the latest exploit data for penetration testing scenarios.

FAQ: Common Questions About CVE-Search MCP

Here’s what users often ask:

• Do I need Python 3.10? Yes, the server relies on syntax and libraries introduced in this version.
• How do I update vulnerability data? The API auto-syncs with CVE-Search’s database—no manual refresh required.
• Is there a documentation guide? Full docs are available here, including troubleshooting tips.
• Can it work with VS Code? Yes, via MCP clients like Roo Code that support VS Code extensions.

CVE-Search MCP Server

A Model Context Protocol (MCP) server for querying the CVE-Search API. This server provides comprehensive access to CVE-Search, browse vendor and product、get CVE per CVE-ID、get the last updated CVEs.

Requirements

• python 3.10+
• uv
• Cline、Roo Code etc

Tools

• To get a JSON with all the vendors
• To get a JSON with all the products associated to a vendor
• To get a JSON with all the vulnerabilities per vendor and a specific product
• To get a JSON of a specific CVE ID
• To get a JSON of the last 30 CVEs including CAPEC, CWE and CPE expansions
• To get more information about the current databases in use and when it was updated

Quick Start

1. Git clone this repository

git clone https://github.com/roadwy/cve-search_mcp.git

2. Install the dependencies

cd cve-search_mcp
uv sync

3.Add to your mcp client(vscode with cline/roo code) configuration file, modify the "YOU_CVE_SEARCH_MCP_DIR_PATH" as you self dir.

    "cve-search_mcp": {
      "command": "uv",
      "args": [
        "--directory",
        "YOU_CVE_SEARCH_MCP_DIR_PATH",
        "run",
        "main.py"
      ],
      "disabled": false,
      "autoApprove": []
    }

Reference

https://github.com/cve-search/cve-search