playbooks
Learn Cursor Rules Windsurf Rules MCPs Modes
AI Image Editor
Log in

CVE-Search MCP server

Integrates with the CVE-CIRCL API to enable searching and retrieving vulnerability information from the Common Vulnerabilities and Exposures database for security research, patch verification, and security assessments.
Back to servers
Provider
roadwy
Release date
Mar 12, 2025
Language
Python
Stats
19 stars
View on GitHub

This MCP server acts as a bridge between your AI models and the CVE-Search API, enabling you to easily query vulnerability information. It provides access to CVE data, vendor/product information, and vulnerability details without requiring direct API implementation.

Installation

Prerequisites

  • Python 3.10 or higher
  • uv package manager
  • An MCP client (like Cline or Roo Code)

Setup Steps

  1. Clone the repository:

    git clone https://github.com/roadwy/cve-search_mcp.git

  2. Install dependencies:

    cd cve-search_mcp
uv sync

  3. Configure your MCP client: Add the following configuration to your MCP client settings file (replace "YOU_CVE_SEARCH_MCP_DIR_PATH" with your actual directory path):

    "cve-search_mcp": {
  "command": "uv",
  "args": [
    "--directory",
    "YOU_CVE_SEARCH_MCP_DIR_PATH",
    "run",
    "main.py"
  ],
  "disabled": false,
  "autoApprove": []
}

Usage Capabilities

Available Functions

This MCP server allows you to:

  • Retrieve a list of all vendors in JSON format
  • Get all products associated with a specific vendor
  • Access all vulnerabilities for a vendor's specific product
  • Look up details for a specific CVE ID
  • Get the latest 30 CVEs with their CAPEC, CWE, and CPE expansions
  • Obtain information about the current databases and their last update times

Interacting with the Server

Once configured, you can interact with the CVE-Search MCP server through your client. The server will automatically handle communication with the CVE-Search API and return structured data about vulnerabilities, vendors, and products.

You can query for specific CVE information, browse vendor catalogs, and retrieve the latest vulnerability information through your MCP-enabled applications or models.

Additional Resources

For more information about the underlying API, visit the CVE-Search API documentation.

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later