NVD Database MCP Server
@marcoeg
An MCP server to query the NIST National Vulnerability Database (NVD)
Overview
What is NVD Database MCP Server?
A Model Context Protocol server implementation that queries the NIST National Vulnerability Database (NVD) via its API, providing vulnerability data to MCP-compliant clients like Claude Desktop.
How to use NVD Database MCP Server?
Configure the server in the Claude Desktop config file by providing the path to uvx, the mcp-nvd argument, and your NVD API key as an environment variable. Then use the get_cve tool to retrieve a CVE by ID and the search_cve tool to search by keyword with optional parameters.
Key features of NVD Database MCP Server
- Query specific CVEs by ID with detailed vulnerability data
- Search the NVD database by keyword with customizable results
- Supports both stdio and SSE transport modes
- Compatible with MCP-compliant clients like Claude Desktop
- Offers concise output option for shorter CVE records
- Docker support for containerized deployment
Use cases of NVD Database MCP Server
- Retrieve full vulnerability details for a known CVE during security assessment
- Search for CVEs related to a specific software vendor or product
- Automate vulnerability intelligence gathering within an MCP workflow
- Integrate real-time CVE lookups into security tooling dashboards
FAQ from NVD Database MCP Server
What prerequisites are needed to run this server?
Python 3.10 or higher, a free NVD API key (request at nvd.nist.gov), and the uv package manager.
How do I configure it for Claude Desktop?
Edit the Claude Desktop config file (claude_desktop_config.json) to add mcp-nvd under mcpServers with the command set to your uvx path, args ["mcp-nvd"], and the NVD_API_KEY environment variable.
Does it support Server-Sent Events (SSE) transport?
Yes, it supports SSE transport for real-time communication, and can be run with --transport sse --port 9090.
What tools does the server provide?
Two tools: get_cve (retrieve a CVE by ID) and search_cve (search by keyword with options for exact match, concise output, and result count up to 2000).
Where does the vulnerability data come from?
All data is fetched directly from the NIST National Vulnerability Database (NVD) via its public API.