Nvd MCP Server

🚀 NVD MCP Server

Stay ahead of security threats without interrupting your workflow. The NVD MCP Server serves as your bridge to the National Vulnerability Database (NVD), seamlessly integrating into AI - driven development environments like Windsurf. Ask questions in natural language, access real - time vulnerability data, and keep your code secure—all from within your IDE. Based on the Model Context Protocol (MCP), this server connects conversational queries to NVD's extensive security database, enabling developers to effortlessly stay up - to - date.

🚀 Quick Start

The NVD MCP Server allows you to interact with the NVD database directly from your IDE. Just follow the installation steps and start querying for vulnerability information.

✨ Features

• CVE Details Lookup: Ask "What's the situation with CVE - 2023 - 1234?" and get a detailed breakdown—description, CVSS score, severity, and more.
• Keyword Search: Enter "Find CVEs related to Apache" to discover vulnerabilities associated with specific technologies or keywords.
• Latest CVEs: Use "Show new CVEs from the past week" to get updates on newly reported vulnerabilities.
• Severity Filtering: Focus on the most urgent security risks by using "List critical vulnerabilities".

📦 Installation

Requirements

• Python 3.8 or higher
• Dependencies:
  • mcp
  • httpx
  • python - dotenv

Install them using the following command: pip install mcp httpx python - dotenv

Installation Steps

1. Clone the repository:

cd nvd - mcp - server

2. Set up a virtual environment:

source venv/bin/activate  # On Windows: venv\Scripts\activate

3. Install dependencies:

• pip install -r requirements.txt

4. Configure your NVD API key:

• Obtain a key from the NVD API Key Request page: https://nvd.nist.gov/developers/request - an - api - key
• Create a keys.env file in the project root directory with the following content: NVD_API_KEY=your_api_key_here

💻 Usage Examples

Basic Usage

1. Start the server:

• python nvd_mcp.py --transport stdio

2. Connect your client/IDE/proxy to this MCP server for communication.

• For example, if you use Claude Desktop, go to Claude > Settings > Developers > Edit Configuration > claude_desktop_config.json and add the following:

{
  "mcpServers": {
    "nvd": {
      "command": "uv",
      "args": ["--directory", "/Path to nvd_mcp directory", "run", "nvd_mcp.py"]
    }
  }
}

3. Ask questions in natural language:

• “What's the situation with CVE - 2023 - 1234?” Returns detailed CVE information such as description and severity.

• “Are there any critical vulnerabilities recently?” Lists the latest CVEs with critical severity.

• “Search for CVEs related to Apache.” Displays vulnerabilities related to Apache.

📚 Documentation

Configuration

• API Key: Securely store your NVD API key in keys.env in the format NVD_API_KEY=your_api_key_here.
• Transport Mechanism:
  • Default: --transport stdio for local use.
  • For networked setups, use --transport http (ensure appropriate security like HTTPS).

🤝 Contribution

We greatly welcome your help in making this project even better!

🙏 Acknowledgments

• The MCP framework provided by Anthropic.
• The National Vulnerability Database maintained by NIST.
• Your attention to our project!