MCP.so
ログイン
V

Vulnfeed

@infai-tech

Vulnfeed について

An MCP server that scans your lockfiles (npm, PyPI, Go, Rust, Ruby, PHP) for known vulnerabilities, enriches with EPSS exploit probability scores, and recommends fix versions. $14/mo — not per-seat.

基本情報

カテゴリ

その他

トランスポート

stdio

公開者

infai-tech

投稿者

Nat Burke

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "vulnfeed": {
      "command": "uvx",
      "args": [
        "vulnfeed-mcp"
      ]
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is Vulnfeed?

Vulnfeed is an MCP server that monitors your project’s dependencies for security vulnerabilities, native to Claude Code. It reads lockfiles, queries the NVD and GitHub Advisory Database for known CVEs, enriches results with EPSS (Exploit Prediction Scoring System) scores, and recommends exact fix versions from package registries. It is intended for developers using Claude Code who want continuous dependency vulnerability tracking.

How to use Vulnfeed?

Vulnfeed is an MCP server that can be run locally (stdio transport) or remotely (SSE transport). After installation, it provides 9 tools for scanning lockfiles, checking individual packages, looking up CVEs, and managing continuous monitoring. The free tier requires no signup and allows 10 scans per day and 1 monitored project; paid subscriptions are available.

Key features of Vulnfeed

  • Reads 9 lockfile formats (package-lock.json, requirements.txt, go.sum, Cargo.lock, etc.)
  • Queries NVD and GitHub Advisory Database for known CVEs
  • Enriches findings with Exploit Prediction Scoring System (EPSS) scores
  • Recommends exact fix versions from package registries
  • Supports continuous monitoring with alerts for new CVEs
  • 9 tools for scanning, checking, and managing projects
  • Free tier available with 10 scans/day and 1 monitored project

Use cases of Vulnfeed

  • Scan all lockfiles in a project directory to find known vulnerabilities
  • Monitor a specific project continuously and receive alerts when new CVEs are published
  • Look up detailed information about a specific CVE, including EPSS score and recommended fix version
  • Check a single package for known vulnerabilities before adding it as a dependency

FAQ from Vulnfeed

What data sources does Vulnfeed use?

Vulnfeed queries the NVD (National Vulnerability Database) and GitHub Advisory Database for CVEs, and enriches results with EPSS scores from the Exploit Prediction Scoring System.

How is Vulnfeed different from other vulnerability scanners?

Vulnfeed uses EPSS scores to prioritize and filter noise, recommends exact fix versions from package registries, and offers continuous monitoring with no-signup free tier.

What transports does Vulnfeed support?

Vulnfeed supports stdio (for local installation) and SSE (for remote access).

Is authentication required to use Vulnfeed?

No signup is required for the free tier (10 scans/day, 1 monitored project). A paid subscription is available for unlimited scans and projects.

What are the limits on the free tier?

The free tier allows 10 scans per day and 1 monitored project.

コメント

「その他」の他のコンテンツ