CVE MCP Server

---
name: cve-mcp
category: osint-technical-infrastructure
cost: free
api_key_required: partial
repo: https://github.com/mukul975/cve-mcp-server
paired_skills: ["ip-and-asn-attribution", "github-and-source-leak-search", "cloud-bucket-discovery"]
capabilities: ["cve-lookup", "vulnerability-intel", "threat-intel"]
---

# CVE MCP Server — 27 tools across 21 security APIs

Comprehensive vulnerability intelligence MCP covering CVE lookup, EPSS exploit prediction, CISA KEV catalog, MITRE ATT&CK, CWE, OSV.dev, and more. 8 of 27 tools require zero API keys.

## Install

```
uvx cve-mcp-server
```

## Configuration

```json
{
  "mcpServers": {
    "cve": {
      "command": "uvx",
      "args": ["cve-mcp-server"],
      "env": {
        "SHODAN_API_KEY": "YOUR_SHODAN_KEY_HERE",
        "VIRUSTOTAL_API_KEY": "YOUR_VT_KEY_HERE"
      }
    }
  }
}
```

Omit the env keys if you don't have Shodan or VirusTotal accounts — 8 tools still work without them.

## What it adds

Claude triages and prioritizes vulnerability findings mid-investigation — looking up a CVE's EPSS score to predict exploitation likelihood, checking CISA KEV to see if it's actively exploited in the wild, mapping to MITRE ATT&CK technique IDs, and pulling exploit references. Useful for scope-defining recon write-ups and for contextualizing Shodan/Censys findings.

## Pairs with skills

- 042 `ip-and-asn-attribution`
- 046 `github-and-source-leak-search`
- 047 `cloud-bucket-discovery`

## Cost

8 of 27 tools free with no keys (EPSS, CISA KEV, OSV.dev, MITRE ATT&CK, CWE, NVD limited). Shodan and VirusTotal keys extend coverage.