CIRCL CVE SEARCH MCP Server
@Cyreslab-AI
About CIRCL CVE SEARCH MCP Server
MCP server for CIRCL CVE Search API with intelligent risk assessment and comprehensive vulnerability analysis.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"circl-cve-search": {
"command": "npx",
"args": [
"@cyreslab/circl-cve-search-mcp-server"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is CIRCL CVE SEARCH MCP Server?
The CIRCL CVE SEARCH MCP Server is a Model Context Protocol (MCP) server for accessing the CIRCL CVE SEARCH API. It provides comprehensive vulnerability and security information, making it suitable for security researchers and developers who need to query CVE, CWE, and CAPEC data programmatically.
How to use CIRCL CVE SEARCH MCP Server?
Install the package via npm and add it to your MCP client configuration using the command npx @cyreslab/circl-cve-search-mcp-server. The server exposes four tools: get_cve, browse_vendor, get_cwe, and get_capec, each with specific parameters for querying vulnerability data.
Key features of CIRCL CVE SEARCH MCP Server
- Access detailed CVE information by ID.
- Browse CVEs by vendor name.
- Retrieve Common Weakness Enumeration (CWE) data.
- Retrieve Common Attack Pattern Enumeration (CAPEC) data.
- Automatic retry with exponential backoff for reliability.
- Structured, readable response formatting.
Use cases of CIRCL CVE SEARCH MCP Server
- Investigate a specific vulnerability by its CVE ID to understand impact and references.
- Audit a vendor’s product security by browsing all CVEs associated with that vendor.
- Classify vulnerabilities by weakness type using CWE data for reporting.
- Study attack patterns via CAPEC data to improve threat modeling.
- Integrate real-time CVE lookup into security automation pipelines.
FAQ from CIRCL CVE SEARCH MCP Server
What data sources does the server use?
The server uses the CIRCL CVE SEARCH API, which provides CVE data from the National Vulnerability Database (NVD), as well as CPE, CWE, and CAPEC data.
Does the API require authentication or have rate limits?
The CIRCL CVE SEARCH API is free to use and does not require authentication. Users should use it responsibly to avoid impacting the service.
What error conditions does the server handle?
The server handles invalid CVE/CWE/CAPEC ID formats, empty search queries, API rate limiting, network errors, and invalid parameters with clear, actionable error messages.
What tools are available and what parameters do they accept?
Available tools are get_cve (requires cve_id), browse_vendor (requires vendor, optional limit up to 50), get_cwe (requires cwe_id), and get_capec (requires capec_id).
More Developer Tools MCP servers
MCP Framework
QuantGeekDevThe Typescript MCP Framework
Golf
golf-mcpProduction-Ready MCP Server Framework • Build, deploy & scale secure AI agent infrastructure • Includes Auth, Observability, Debugger, Telemetry & Runtime • Run real-world MCPs powering AI Agents
Stakpak Agent CLI
stakpakShip your code, on autopilot. An open source agent that lives on your machines 24/7 and keeps your apps running. 🦀
sentry-mcp
getsentryAn MCP server for interacting with Sentry via LLMs.
mcp-excalidraw
yctimlinMCP server and Claude Code skill for Excalidraw — programmatic canvas toolkit to create, edit, and export diagrams via AI agents with real-time canvas sync.
Comments