MCP.so
Sign In
Servers
V

Vulnfeed

@infai-tech

An MCP server that scans your lockfiles (npm, PyPI, Go, Rust, Ruby, PHP) for known vulnerabilities, enriches with EPSS exploit probability scores, and recommends fix versions. $14/mo — not per-seat.

Overview

What is Vulnfeed?

Vulnfeed is an MCP server that monitors your project’s dependencies for security vulnerabilities, native to Claude Code. It reads lockfiles, queries the NVD and GitHub Advisory Database for known CVEs, enriches results with EPSS (Exploit Prediction Scoring System) scores, and recommends exact fix versions from package registries. It is intended for developers using Claude Code who want continuous dependency vulnerability tracking.

How to use Vulnfeed?

Vulnfeed is an MCP server that can be run locally (stdio transport) or remotely (SSE transport). After installation, it provides 9 tools for scanning lockfiles, checking individual packages, looking up CVEs, and managing continuous monitoring. The free tier requires no signup and allows 10 scans per day and 1 monitored project; paid subscriptions are available.

Key features of Vulnfeed

  • Reads 9 lockfile formats (package-lock.json, requirements.txt, go.sum, Cargo.lock, etc.)
  • Queries NVD and GitHub Advisory Database for known CVEs
  • Enriches findings with Exploit Prediction Scoring System (EPSS) scores
  • Recommends exact fix versions from package registries
  • Supports continuous monitoring with alerts for new CVEs
  • 9 tools for scanning, checking, and managing projects
  • Free tier available with 10 scans/day and 1 monitored project

Use cases of Vulnfeed

  • Scan all lockfiles in a project directory to find known vulnerabilities
  • Monitor a specific project continuously and receive alerts when new CVEs are published
  • Look up detailed information about a specific CVE, including EPSS score and recommended fix version
  • Check a single package for known vulnerabilities before adding it as a dependency

FAQ from Vulnfeed

What data sources does Vulnfeed use?

Vulnfeed queries the NVD (National Vulnerability Database) and GitHub Advisory Database for CVEs, and enriches results with EPSS scores from the Exploit Prediction Scoring System.

How is Vulnfeed different from other vulnerability scanners?

Vulnfeed uses EPSS scores to prioritize and filter noise, recommends exact fix versions from package registries, and offers continuous monitoring with no-signup free tier.

What transports does Vulnfeed support?

Vulnfeed supports stdio (for local installation) and SSE (for remote access).

Is authentication required to use Vulnfeed?

No signup is required for the free tier (10 scans/day, 1 monitored project). A paid subscription is available for unlimited scans and projects.

What are the limits on the free tier?

The free tier allows 10 scans per day and 1 monitored project.

Tags

More from Other