Pricing

from $0.01 / 1,000 results

CVE Intelligence MCP - Updated

CVE vulnerability intelligence for AI agents — NVD data, CVSS scoring, affected software, and vulnerability trend analysis.

Pricing

from $0.01 / 1,000 results

Rating

0.0

(0)

Developer

AutomateLab

Actor stats

Bookmarked

Total users

Monthly active users

9 days ago

Last modified

NVD CVE Data — MCP Server for AI Agents

Access 348,000+ CVE vulnerability records from the National Vulnerability Database (NVD) with CVSS scoring, affected software (CPE) lists, vendor advisories, and severity trend analysis. Built as a Model Context Protocol (MCP) server for AI agents performing security research, vulnerability triage, penetration testing, and supply chain risk assessment.

This MCP server connects AI agents directly to NIST's NVD API — no API keys required, no rate limit nightmares. AI agents querying CVE details, severity rankings, and vendor-specific vulnerability data use this as their CVE intelligence layer.

Features

348,000+ CVE records from NIST's National Vulnerability Database
CVSS v3.1/v3.0/v2.0 scoring with full vector strings and severity ratings
CPE affected software lists — product, vendor, version ranges per CVE
CWE weakness classifications — standardized weakness type mapping
Vendor advisory search — all CVEs affecting a specific vendor's products
Severity trend analysis — rank critical/high CVEs by score for prioritization
Recent CVE feeds — published CVEs from the last N days
Keyword CVE search — find vulnerabilities by product, component, or keyword
No API keys required — NVD public API is freely accessible
Structured JSON output — ready for AI agent consumption and downstream processing

Quick Start

Add to your MCP client configuration:

{
  "mcpServers": {
    "cve-intelligence-mcp": {
      "url": "https://red-cars--cve-intelligence-mcp.apify.actor/mcp"
    }
  }
}

Query CVEs directly from your AI agent:

search_cves(query="log4j", severity="CRITICAL", resultsPerPage=10)
get_cve_details(cveId="CVE-2024-3094")
get_vendor_advisories(vendor="apache", product="log4j", maxResults=20)

Input

Parameter	Type	Required	Description
query	string	No	Keyword to search in CVE titles, descriptions, and affected products
cveId	string	No	Specific CVE identifier (e.g., CVE-2024-3094)
vendor	string	No	Vendor name for advisory search (e.g., apache, microsoft)
product	string	No	Product name to narrow vendor advisory search
severity	string	No	Filter by severity: CRITICAL, HIGH, MEDIUM, LOW
minScore	number	No	Minimum CVSS score (0.0–10.0) for threshold analysis
maxScore	number	No	Maximum CVSS score for bounded searches
daysBack	number	No	Number of days to look back for recent CVEs (default: 30)
maxResults	number	No	Maximum number of results to return (default: 10, max: 100)
resultsPerPage	number	No	Results per page for paginated searches

Tools

search_cves

Search NVD's CVE database by keyword, severity, or publication year. Returns CVE IDs, descriptions, CVSS scores, and affected software for each match. Best for initial discovery when exploring a vulnerability topic.

search_cves(query="log4j", severity="CRITICAL", resultsPerPage=10)

get_recent_cves

Fetch recently published CVEs from the last N days. Useful for staying current on newly disclosed vulnerabilities affecting your attack surface or dependency tree.

get_recent_cves(maxResults=10, daysBack=7)

get_cve_details

Retrieve the full vulnerability profile for a specific CVE — including description, CVSS metrics (v3.1/v3.0/v2.0), CPE affected software list, reference URLs (vendor advisories, patches, exploitDB entries), and CWE weakness classification.

get_cve_details(cveId="CVE-2024-3094")

analyze_cvss_scores

Analyze CVEs filtered by CVSS score threshold. Returns critical and high severity vulnerabilities ranked by score, enabling rapid prioritization for incident response and remediation planning.

analyze_cvss_scores(minScore=7, maxResults=50)

get_vendor_advisories

Search all known CVEs affecting products from a specific vendor. Returns vendor name, affected products, CVE counts, and severity distribution — essential for supply chain security audits.

get_vendor_advisories(vendor="apache", product="log4j", maxResults=20)

Output

All tools return structured JSON optimized for AI agent consumption:

{
  "cves": [
    {
      "id": "CVE-2024-3094",
      "description": "XZ Utils 5.6.x through 5.6.6...",
      "severity": "CRITICAL",
      "cvssScore": 10.0,
      "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "published": "2024-03-29T00:00:00.000Z",
      "lastModified": "2024-04-02T00:00:00.000Z",
      "affectedProducts": [
        {
          "vendor": "xz",
          "product": "xz-utils",
          "version": "5.6.0 - 5.6.6"
        }
      ],
      "references": [
        {"url": "https://www.cve.org/CVERecord?id=CVE-2024-3094", "source": "cve.org"},
        {"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3094", "source": "NVD"}
      ],
      "weakness": "CWE-426",
      "cweName": "Untrusted Search Path"
    }
  ],
  "totalResults": 1,
  "source": "NVD (NIST)"
}

Pricing

Tool	Price (USD)
search_cves	$0.03 per call
get_recent_cves	$0.02 per call
get_cve_details	$0.02 per call
analyze_cvss_scores	$0.05 per call
get_vendor_advisories	$0.03 per call

All prices in USD per tool invocation. No API key purchase required — NVD's public API is open and free to access. Your costs are compute time on the Apify platform.

Troubleshooting

Q: The MCP server is not responding to my requests. A: Verify the actor is running at https://red-cars--cve-intelligence-mcp.apify.actor/mcp. Check your MCP client is pointing to the correct URL with no trailing path issues. Restart your MCP client after configuration.

Q: I'm getting empty results for a CVE I know exists. A: NVD sometimes has a processing lag for newly published CVEs (0–48 hours). Try searching by keyword instead of CVE ID for recent disclosures. Check NVD directly at https://nvd.nist.gov/vuln/detail/[CVE-ID] to confirm the CVE exists.

Q: Rate limit errors when searching frequently. A: The actor implements internal caching and respects NVD's public API rate limits. If you hit 429 errors, reduce request frequency or batch queries. For production use at scale, consider running your own NVD data mirror.

Q: CVSS score is missing for some CVEs. A: NVD does not assign CVSS scores to all CVEs — approximately 15% of the database lacks scoring. These CVEs typically have status: "REJECTED" or are still under analysis. Check the description field and references for manually curated severity information.

Q: How do I get CVEs for a specific product version? A: Use get_vendor_advisories with both vendor and product parameters to narrow results. For version-specific filtering, use search_cves with a query like "productName 5.6.0" and manually filter the returned CPE lists in the response.

Q: Can I use this for compliance reporting? A: Yes. The structured JSON output includes CVSS scores, severity ratings, CWE classifications, and affected product lists — all the data points needed for SOC 2, ISO 27001, and PCI DSS vulnerability assessment reports. Format the output into your compliance template as needed.

CVE Vulnerability Scraper

cloud9_ai/cve-scraper

Search and extract CVE vulnerability data from NIST NVD. Get CVSS scores, affected products, and references. No API key required.

cloud9

NIST NVD CVE Vulnerability Database Scraper

compute-edge/nist-nvd-scraper

Search and extract CVE vulnerability data from the NIST National Vulnerability Database (NVD) API 2.0. Filter by keyword, CVSS severity, publication date, and modification date. Returns flattened CVE records with CVSS scores, CWE IDs, references, and affected products.

Compute Edge

CVE Scraper

rl1987/cve-scraper

CVE.org vulnerability info scraper

R.L.

CVE Vulnerability Lookup (NIST NVD)

automation-lab/cve-vulnerability-lookup

Query the NIST NVD for CVE details — lookup by CVE ID, keyword, or CPE product. Returns CVSS scores, descriptions, CWE IDs, affected software, and patch links. No API key required.

Stas Persiianenko

NVD CVE Vulnerability Search

ryanclinton/nvd-cve-vulnerability-search

NVD CVE Vulnerability Search queries the NIST National Vulnerability Database (NVD) REST API v2.0 to retrieve detailed information about Common Vulnerabilities and Exposures (CVEs). The NVD is the U.S.

Ryan Clinton

CVE NVD Scraper

gio21/cve-nvd-scraper

Scrape NIST National Vulnerability Database (NVD). Search CVEs by keyword, CVE-ID, CVSS severity, date range. Returns CVE-ID, description, CVSS v3/v2 scores, references, CWEs, affected configurations. For security teams, vuln research, patch management.

Gio

NVD CVE Vulnerability Crawler

jungle_synthesizer/nvd-cve-crawler

Crawl 250K+ CVE records from the NIST National Vulnerability Database. Extract CVSS v3.1 scores, severity ratings, attack vectors, affected products (CPE), CWE weaknesses, and exploit/patch status. Filter by keyword, severity, vendor, and date range.

BowTiedRaccoon

CVE Vulnerability Monitor - NVD Daily

pink_comic/nvd-cve-vulnerability-database

Monitor the National Vulnerability Database for new CVEs daily. Schedule runs to track vulnerabilities by keyword, severity, or vendor. Get CVSS scores, descriptions, and affected products. For security teams, DevSecOps, penetration testers, and compliance. Pay per result.

Ava Torres

NIST NVD CVE Scraper

parseforge/nist-nvd-cve-scraper

Scrape CVE vulnerabilities from the NIST National Vulnerability Database (NVD) API 2.0. Filter by severity, CWE, keyword, date range, or single CVE ID. Returns CVSS v3/v2 scores, CWE weaknesses, CPE configurations, and references.

ParseForge

CVE Monitor — New Vulnerability Feed with Alerts

mukedlii/nvd-cve-monitor

Monitor the NIST National Vulnerability Database (NVD) for new and updated CVEs. Filter by vendor, product, CVSS score, or severity level. Get instant Telegram alerts when critical vulnerabilities affect your stack.