MCP CVE Intelligence Server Lite

A streamlined Model Context Protocol (MCP) Server for cybersecurity intelligence, providing unified access to vulnerability data from multiple authoritative sources including NVD, MITRE, and GitHub Security Advisories. This Lite version focuses on core CVE intelligence capabilities with essential features for security professionals.

🚀 Overview

The MCP CVE Intelligence Server Lite is a streamlined Model Context Protocol (MCP) Server designed for security professionals, penetration testers, and cybersecurity researchers who need essential vulnerability intelligence integrated into their AI workflows. This Lite edition focuses on core features, aggregating data from multiple authoritative sources and delivering actionable security insights through standardized protocols.

Status: Lite edition with core CVE intelligence features and streamlined functionality.

Key Features (Lite Edition)

• 🔍 Multi-Source CVE Intelligence: Unified access to NVD, MITRE CVE Records, and GitHub Security Advisories
• 🎯 Essential Exploit Discovery: Pattern-based detection from Exploit-DB, GitHub PoCs, Metasploit, and PacketStorm
• 🧮 EPSS Risk Scoring: Environmental context-aware vulnerability prioritization with exploit prediction
• 📊 Complete CVSS Support: Full v4/v3/v2 metric analysis with intelligent severity assessment
• 🔧 CPE-Based Discovery: Product-specific vulnerability identification using standardized identifiers
• 📈 Trending Analysis: Real-time vulnerability trending based on severity, exploits, and activity
• 📋 Professional Reports: Generate security reports in multiple formats (Markdown, JSON, summary)
• ⚡ Performance Optimized: Intelligent caching, retry logic, and streamlined processing
• 🛡️ Security-First: Type-safe implementation with comprehensive input validation and sanitization
• 🚦 Rate Limiting: Intelligent request throttling with source-specific limits
• 📊 Health Monitoring: Real-time source availability and performance tracking

🛠️ Installation

Prerequisites

• Node.js: 20.0.0 or higher
• npm: Comes with Node.js

Quick Start

# Clone the repository
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite

# Install dependencies
npm install

# Build the project
npm run build

# Start the server
npm start

Docker Deployment

Using Pre-built Image (Recommended)

# Pull and run the latest image from Docker Hub
docker run -d \
  --name mcp-cve-server \
  -p 13001:3001 \
  -e MCP_TRANSPORT_TYPE=http \
  -e MCP_HTTP_PORT=3001 \
  -e MCP_HTTP_HOST=0.0.0.0 \
  proug/mcp-cve-intelligence-server-lite:latest

# Server will be available at http://localhost:13001
# Health check: http://localhost:13001/health

Using Docker Compose

# Using the provided Docker setup
chmod +x docker-run.sh
./docker-run.sh up

# Server will be available at http://localhost:13001
# Health check: http://localhost:13001/health

Building from Source

# Build locally if you want to customize
docker build -t mcp-cve-intelligence-server-lite:local .
docker run -d -p 13001:3001 mcp-cve-intelligence-server-lite:local

📋 For advanced Docker configuration, customization, and deployment options, see docs/DOCKER.md

MCP Client Setup

To use this server with MCP-compatible clients, install via NPM and configure:

# Quick install from NPM
npx @proug/mcp-cve-intelligence-server-lite@latest --help

VS Code Configuration:

{
  "servers": {
    "cve-intelligence": {
      "type": "stdio",
      "command": "npx", 
      "args": ["-y", "mcp-cve-intelligence-server-lite@latest"]
    }
  }
}

📋 For complete MCP client configuration (VS Code, Claude Desktop, etc.), see the Configuration section below.

📖 Usage

MCP Tools Available (Lite Edition)

The server provides 7 essential tools for comprehensive CVE intelligence and security analysis:

1. searchCves - Advanced CVE Search & Discovery

Search for vulnerabilities using flexible criteria with intelligent filtering:

{
  "keyword": "apache log4j",
  "severity": "CRITICAL", 
  "hasExploit": true,
  "dateStart": "2021-01-01",
  "dateEnd": "2024-12-31",
  "limit": 50,
  "source": "nvd"
}

Advanced Examples:

// Search for recent RCE vulnerabilities
{
  "keyword": "remote code execution",
  "severity": "HIGH,CRITICAL",
  "dateStart": "2024-01-01",
  "hasExploit": true,
  "limit": 100
}

// Find Windows privilege escalation issues
{
  "keyword": "windows privilege escalation",
  "severity": "MEDIUM,HIGH,CRITICAL",
  "limit": 25
}

2. getCveDetails - Comprehensive CVE Intelligence

Retrieve detailed vulnerability information with exploit analysis:

{
  "cveId": "CVE-2021-44228",
  "includeExploits": true,
  "includeReferences": true
}

Response includes:

• Complete CVSS v4/v3/v2 metrics and scoring
• CWE classifications and weakness analysis
• Affected products with CPE identifiers
• Known exploits from multiple sources
• EPSS risk scores and probability
• Vendor advisories and patches

3. getTrendingCves - Real-Time Vulnerability Intelligence

Discover currently trending vulnerabilities based on activity and severity:

{
  "limit": 25,
  "timeframe": "7d",
  "minSeverity": "MEDIUM"
}

Trending Analysis:

• Recently disclosed high-impact vulnerabilities
• CVEs with increasing exploit activity
• Vulnerabilities gaining security community attention
• Active discussions and proof-of-concepts

4. calculateEpssScores - Environmental Risk Assessment

Calculate context-aware EPSS scores for vulnerability prioritization:

{
  "cveIds": ["CVE-2021-44228", "CVE-2022-22965", "CVE-2023-23397"],
  "environmentContext": {
    "networkExposure": "internet-facing",
    "assetCriticality": "critical",
    "securityControls": ["waf", "ids", "edr"],
    "patchingCapability": "rapid"
  }
}

Environment Contexts:

• networkExposure: "internal", "dmz", "internet-facing"
• assetCriticality: "low", "medium", "high", "critical"
• securityControls: Array of deployed security measures
• patchingCapability: "limited", "standard", "rapid"

5. generateCveReport - Professional Security Reports

Generate comprehensive vulnerability reports in multiple formats:

{
  "cveIds": ["CVE-2021-44228", "CVE-2022-22965"],
  "format": "markdown",
  "includeExploits": true,
  "includeMetrics": true,
  "includeMitigation": true
}

Report Formats:

• markdown: Professional markdown reports
• json: Structured data for automation
• summary: Executive summary format

Report Sections:

• Executive summary with risk assessment
• Detailed vulnerability analysis
• Exploit availability and complexity
• Recommended mitigation strategies
• CVSS metrics and environmental scoring

6. searchByCpe - Product-Specific Vulnerability Discovery

Find vulnerabilities affecting specific products using CPE identifiers:

{
  "cpe": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
  "severity": "HIGH,CRITICAL",
  "hasExploit": true,
  "limit": 50
}

CPE Examples:

// Search for all Apache products
{
  "cpe": "cpe:2.3:a:apache:*:*:*:*:*:*:*:*:*",
  "severity": "CRITICAL"
}

// Windows Server vulnerabilities
{
  "cpe": "cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*",
  "hasExploit": true
}

// Specific version targeting
{
  "cpe": "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*",
  "includeExploits": true
}

7. getSourceHealth - Data Source Monitoring

Monitor the health and availability of CVE data sources:

{
  "includeMetrics": true,
  "includeLastUpdated": true
}

Health Metrics:

• Source availability status
• Response times and performance
• Last successful data update
• API rate limit status
• Error rates and reliability

Command Line Interface

The server includes a comprehensive CLI for production deployment and testing:

Quick Start Commands

# Quick start with HTTP transport
npm start -- quick-start --port 3001

# Start with stdio transport (default MCP)
npm start -- --transport stdio

# Start with custom configuration
npm start -- --transport http --port 3001 --log-level debug

Configuration Management

# Show current configuration and environment
npm start -- config

Health Monitoring & Testing

# Basic health check via HTTP endpoint
curl http://localhost:3001/health

# Test via MCP tools
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'

Docker Integration

# Generate Docker commands and deployment info
npm start -- docker --port 3001

Advanced Options

# Custom transport and networking
npm start -- --transport http --port 3001 --host 0.0.0.0

# Set log level for debugging
npm start -- --transport http --log-level debug

# Help and available commands
npm start -- --help

Practical Usage Examples

Scenario 1: Security Assessment Workflow

# 1. Start the server for assessment
npm start -- quick-start --port 3001

# 2. Check source health
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'

# 3. Search for critical vulnerabilities in your stack
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "searchByCpe", "arguments": {"cpe": "cpe:2.3:a:apache:*:*:*:*:*:*:*:*:*", "severity": "CRITICAL"}}}'

# 4. Generate assessment report
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "generateCveReport", "arguments": {"cveIds": ["CVE-2021-44228"], "format": "markdown", "includeExploits": true}}}'

Scenario 2: Threat Intelligence Research

# 1. Find trending vulnerabilities
npm start -- --transport http --port 3001

# 2. Research specific CVE with exploits
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "getCveDetails", "arguments": {"cveId": "CVE-2024-12345", "includeExploits": true}}}'

# 3. Calculate environmental risk
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "calculateEpssScores", "arguments": {"cveIds": ["CVE-2024-12345"], "environmentContext": {"networkExposure": "internet-facing", "assetCriticality": "critical"}}}}'

Scenario 3: Penetration Testing Preparation

# Search for exploitable vulnerabilities in target technology
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "windows server 2019", "hasExploit": true, "severity": "HIGH,CRITICAL", "limit": 50}}}'

# Find recent RCE vulnerabilities
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "remote code execution", "dateStart": "2024-01-01", "hasExploit": true}}}'

Configuration

Configure the server using environment variables or .env file:

MCP Client Configuration

To use this server with MCP-compatible clients (VS Code, Claude Desktop, etc.), you need to configure the client to connect to this server.

For VS Code:

Create a .vscode/mcp.json file in your workspace:

{
  "servers": {
    "cve-intelligence": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "mcp-cve-intelligence-server-lite@latest"]
    }
  }
}

Or for global configuration, run MCP: Open User Configuration in VS Code and add:

{
  "servers": {
    "cve-intelligence": {
      "type": "stdio", 
      "command": "npx",
      "args": ["-y", "mcp-cve-intelligence-server-lite@latest"],
      "env": {
        "NVD_API_KEY": "${input:nvd-api-key}",
        "GITHUB_TOKEN": "${input:github-token}"
      }
    }
  },
  "inputs": [
    {
      "type": "promptString",
      "id": "nvd-api-key",
      "description": "NVD API Key (optional)",
      "password": true
    },
    {
      "type": "promptString", 
      "id": "github-token",
      "description": "GitHub Personal Access Token (optional)",
      "password": true
    }
  ]
}

For Claude Desktop:

Add to your Claude Desktop configuration file (~/Library/Application Support/Claude/config.json on macOS):

{
  "mcpServers": {
    "cve-intelligence": {
      "command": "npx",
      "args": ["-y", "mcp-cve-intelligence-server-lite@latest"],
      "env": {
        "NVD_API_KEY": "your-optional-nvd-api-key",
        "GITHUB_TOKEN": "your-optional-github-token"
      }
    }
  }
}

For Docker Containers:

You can run the MCP server in a Docker container for enhanced security and isolation:

VS Code Configuration (STDIO Transport):

{
  "servers": {
    "cve-intelligence": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "proug/mcp-cve-intelligence-server-lite:latest"
      ]
    }
  }
}

VS Code Configuration (HTTP Transport):

{
  "servers": {
    "cve-intelligence": {
      "url": "http://localhost:3001/mcp"
    }
  }
}

Claude Desktop Configuration (STDIO Transport):

{
  "mcpServers": {
    "cve-intelligence": {
      "command": "docker",
      "args": [
        "run",
        "-i", 
        "--rm",
        "proug/mcp-cve-intelligence-server-lite:latest"
      ],
      "env": {
        "NVD_API_KEY": "your-optional-nvd-api-key",
        "GITHUB_TOKEN": "your-optional-github-token"
      }
    }
  }
}

Claude Desktop Configuration (HTTP Transport):

{
  "mcpServers": {
    "cve-intelligence": {
      "command": "docker",
      "args": [
        "run",
        "-d",
        "--rm", 
        "-p", "3001:3001",
        "-e", "MCP_TRANSPORT_TYPE=http",
        "-e", "MCP_HTTP_PORT=3001",
        "-e", "MCP_HTTP_HOST=0.0.0.0",
        "-e", "NVD_API_KEY=your-optional-nvd-api-key",
        "-e", "GITHUB_TOKEN=your-optional-github-token",
        "proug/mcp-cve-intelligence-server-lite:latest"
      ]
    }
  }
}

Docker Compose (Production Ready):

Use the provided docker-compose.yml for production deployments:

# Start with HTTP transport on port 13001
./docker-run.sh up

# Server available at: http://localhost:13001
# Health check: http://localhost:13001/health/live

Note: When using Docker, the MCP server runs in an isolated container. The Docker image is available from Docker Hub:

# Pull the latest image
docker pull proug/mcp-cve-intelligence-server-lite:latest

# Or build locally from source:
docker build -t mcp-cve-intelligence-server-lite:local .

For Custom Implementations:

Start the server in stdio mode and connect via standard input/output:

# Start server in stdio mode (default)
npx mcp-cve-intelligence-server-lite

# Or start in HTTP mode
npx mcp-cve-intelligence-server-lite --transport http --port 3001

Basic Configuration

# Core server settings
export MCP_HTTP_PORT="3001"
export MCP_TRANSPORT="http"  # or "stdio"
export LOG_LEVEL="info"      # debug, info, warn, error
export NODE_ENV="production" # development, production, test

API Authentication (Enhanced Functionality)

# NVD API (NIST) - Higher rate limits
export NVD_API_KEY="your-nvd-api-key"

# GitHub API - Higher rate limits for security advisories
export GITHUB_TOKEN="your-github-personal-access-token"

# MITRE CVE Program - Requires CVE Program membership
export MITRE_API_KEY="your-mitre-api-key"
export MITRE_API_ORG="your-organization-name"
export MITRE_API_USER="your-username"

Security Note: API keys and tokens are only accepted via environment variables for security reasons. They cannot be provided via CLI arguments.

Advanced Configuration

# Rate limiting and performance
export CVE_CACHE_TTL="1800"          # Cache TTL in seconds
export CVE_CACHE_MAX_SIZE="1000"     # Maximum cache entries
export CVE_REQUEST_TIMEOUT="30000"   # Request timeout in ms
export CVE_RETRY_ATTEMPTS="3"        # Retry attempts for failed requests

# Security settings
export CVE_CORS_ORIGIN="*"           # CORS allowed origins
export CVE_API_KEY_REQUIRED="false"  # Require API key for access
export CVE_RATE_LIMIT="100"          # Requests per window
export CVE_RATE_WINDOW="3600"        # Rate limit window in seconds

# Logging and monitoring
export LOG_FILE_PATH="/app/logs"     # Log file directory
export LOG_MAX_FILES="30"            # Maximum log files to keep
export LOG_MAX_SIZE="100mb"          # Maximum log file size
export METRICS_ENABLED="true"        # Enable performance metrics

Environment File Example

Create a .env file in your project root:

# .env file for MCP CVE Intelligence Server Lite
NODE_ENV=development
MCP_HTTP_PORT=3001
LOG_LEVEL=debug

# API Keys (optional but recommended)
NVD_API_KEY=your-nvd-api-key-here
GITHUB_TOKEN=ghp_your-github-token-here

# Performance tuning
CVE_CACHE_TTL=3600
CVE_REQUEST_TIMEOUT=30000
CVE_RETRY_ATTEMPTS=3

# Security
CVE_CORS_ORIGIN=http://localhost:3000,https://yourdomain.com
CVE_RATE_LIMIT=200
CVE_RATE_WINDOW=3600

Docker Environment Configuration

# docker-compose.yml environment section
environment:
  - NODE_ENV=production
  - MCP_HTTP_PORT=3001
  - LOG_LEVEL=info
  - NVD_API_KEY=${NVD_API_KEY}
  - GITHUB_TOKEN=${GITHUB_TOKEN}
  - CVE_CACHE_TTL=1800
  - CVE_RATE_LIMIT=100

Authentication Details

Source	Authentication	Required For	Setup
NVD	Optional API key	Higher rate limits	NVD_API_KEY
GitHub	Optional token	Higher rate limits	GITHUB_TOKEN
MITRE	CVE Program membership	Search functionality	MITRE_API_KEY, MITRE_API_ORG, MITRE_API_USER

Note: MITRE search requires CVE Program membership with Secretariat role. Individual CVE lookups work without authentication. 📋 For Docker-specific configuration and deployment options, see docs/DOCKER.md

🏗️ Architecture (Lite Edition)

Core Components

• CVE Service: Central intelligence engine for vulnerability analysis
• Source Manager: Manages multiple CVE data sources with failover
• Transport Manager: Handles both STDIO and HTTP transport protocols
• Health Service: Monitors data source availability and performance
• Exploit Intelligence: Pattern-based exploit discovery and classification

Data Sources (Lite Configuration)

Source	Purpose	Features	Authentication
NVD (NIST)	Primary CVE database	CVSS metrics, CPE matching, essential search	Optional (API key)
MITRE	Authoritative CVE records	Official assignments, CWE mappings, CVE JSON 5.1	CVE Program membership
GitHub Security	Modern vulnerability advisories	GHSA identifiers, ecosystem-specific data	Optional (token)

Exploit Sources (Lite Pattern Detection)

• Exploit-DB: Verified exploits with detailed documentation and proof-of-concepts
• GitHub PoCs: Cutting-edge research and proof-of-concept repositories
• Metasploit Framework: Professional penetration testing modules and exploits
• PacketStorm Security: Curated security exploits and security advisories

🔧 Development

Quick Development Setup

# Clone and setup
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite
npm install

# Build and run
npm run build
npm start

📋 For detailed development workflow, debugging, testing procedures, and contribution guidelines, see CONTRIBUTING.md

📊 Performance Features (Lite Edition)

• Essential Caching: Smart caching reduces API calls and improves response times
• Streamlined Processing: Optimized source queries for faster results
• Retry Logic: Exponential backoff with circuit breaker for reliable API communication
• Request Optimization: Prevents duplicate API calls within time windows
• Performance Monitoring: Built-in timing, metrics collection, and health checks
• Connection Management: Efficient HTTP connection handling
• Rate Limiting: Source-specific throttling respecting API limits and quotas

🔒 Security Considerations

• Input Validation: Comprehensive Zod schema validation for all inputs
• Sanitization: Multi-layer input sanitization preventing injection attacks
• Rate Limiting: Request throttling with client identification and blocking
• Error Handling: Secure error messages without sensitive data exposure
• Type Safety: Strict TypeScript implementation preventing runtime errors
• API Key Management: Secure environment variable handling with validation
• Transport Security: HTTPS enforcement and secure headers
• Session Management: Secure session handling for HTTP transport

🌟 Use Cases (Lite Edition)

For Security Professionals

• Vulnerability Assessment: Essential CVE research and analysis
• Threat Intelligence: Real-time vulnerability trending and prioritization
• Penetration Testing: Exploit discovery and pattern analysis
• Compliance Reporting: Professional vulnerability reports

For AI/LLM Integration

• Context-Aware Security: Provide vulnerability context to AI models
• Automated Research: Enable AI-driven security research workflows
• Intelligent Prioritization: AI-assisted vulnerability triage
• Report Generation: Automated security documentation

🤝 Contributing

We welcome contributions! Please see our Contributing Guide for details on:

• Setting up the development environment
• Code style guidelines
• Submitting pull requests
• Reporting bugs and feature requests

🛡️ Security

This project follows security best practices:

• Responsible Disclosure: See our Security Policy for reporting vulnerabilities
• Secure Development: All releases go through automated security scanning and approval processes
• Access Control: Repository access is restricted to verified maintainers
• Audit Trail: All production deployments are tracked and require approval

For security concerns, please see our Security Policy.

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙋‍♂️ Support

• GitHub Issues: Report bugs or request features
• GitHub Discussions: Community discussions and questions
• Documentation: Check the inline code documentation for API details

🏆 Credits

• NIST NVD: Primary vulnerability database
• MITRE Corporation: CVE numbering authority
• GitHub Security: Modern security advisory platform
• Model Context Protocol: AI integration framework

---

Built with ❤️ for the cybersecurity community

MCP CVE Intelligence Server Lite - Essential CVE intelligence for security professionals