The NVD Database MCP Server provides a Model Context Protocol implementation that allows you to query the NIST National Vulnerability Database (NVD) via its API. This server works with Claude Desktop app and other MCP compliant hosts and clients using both stdio and SSE transports. You'll need an NVD API key to use this server.
uv package manager (recommended)pip install mcp-nvd
Or using uv:
uv pip install mcp-nvd
To use the MCP server with Claude Desktop:
Locate your Claude Desktop configuration file:
~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%/Claude/claude_desktop_config.jsonAdd the following configuration:
{
"mcpServers": {
"mcp-nvd": {
"command": "/path/to/uvx",
"args": ["mcp-nvd"],
"env": {
"NVD_API_KEY": "your-api-key"
}
}
}
}
/path/to/uvx with the absolute path to your uvx executable (find it using which uvx in terminal)your-api-key with your actual NVD API keyThe MCP-NVD server provides two main tools to query the NVD database:
Use the get_cve tool to retrieve detailed information about a specific CVE:
cve_id: The CVE identifier (e.g., CVE-2019-1010218)concise: Set to True for a shorter format (default: False)Use the search_cve tool to search for vulnerabilities:
keyword: Search term (e.g., Red Hat)exact_match: Set to True to require exact phrase match (default: False)concise: Set to True for shorter records (default: False)results: Maximum number of CVE records to return (default: 10, range: 1-2000)You can run the MCP-NVD server directly with SSE transport:
export NVD_API_KEY="your-api-key"
uvx mcp-nvd --transport sse --port 9090
# Get a specific CVE
uvx client.py http://localhost:9090/sse CVE-2019-1010218
# Search for CVEs (default 10 results)
uvx client.py http://localhost:9090/sse "search:Red Hat"
# Search with exact match, limiting to 5 results
uvx client.py http://localhost:9090/sse "search:Microsoft Windows:exact:5"
# Run with environment variable
docker run -d -p 9090:9090 -e NVD_API_KEY="your-key" mcp-nvd:latest
# Run with .env file
docker run -d -p 9090:9090 -v /path/to/.env:/app/.env mcp-nvd:latest
# Run with custom port
docker run -d -p 8080:8080 -e NVD_API_KEY="your-key" mcp-nvd:latest uv run mcp-nvd --transport sse --port 8080 --host 0.0.0.0
# Check server logs
docker logs <container_id>
# Test with a sample request
uvx client.py http://localhost:9090/sse CVE-2019-1010218
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.
To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".
When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:
{
"mcpServers": {
"cursor-rules-mcp": {
"command": "npx",
"args": [
"-y",
"cursor-rules-mcp"
]
}
}
}
To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.