Vulnfeed
@infai-tech
About Vulnfeed
An MCP server that scans your lockfiles (npm, PyPI, Go, Rust, Ruby, PHP) for known vulnerabilities, enriches with EPSS exploit probability scores, and recommends fix versions. $14/mo — not per-seat.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"vulnfeed": {
"command": "uvx",
"args": [
"vulnfeed-mcp"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Vulnfeed?
Vulnfeed is an MCP server that monitors your project’s dependencies for security vulnerabilities, native to Claude Code. It reads lockfiles, queries the NVD and GitHub Advisory Database for known CVEs, enriches results with EPSS (Exploit Prediction Scoring System) scores, and recommends exact fix versions from package registries. It is intended for developers using Claude Code who want continuous dependency vulnerability tracking.
How to use Vulnfeed?
Vulnfeed is an MCP server that can be run locally (stdio transport) or remotely (SSE transport). After installation, it provides 9 tools for scanning lockfiles, checking individual packages, looking up CVEs, and managing continuous monitoring. The free tier requires no signup and allows 10 scans per day and 1 monitored project; paid subscriptions are available.
Key features of Vulnfeed
- Reads 9 lockfile formats (package-lock.json, requirements.txt, go.sum, Cargo.lock, etc.)
- Queries NVD and GitHub Advisory Database for known CVEs
- Enriches findings with Exploit Prediction Scoring System (EPSS) scores
- Recommends exact fix versions from package registries
- Supports continuous monitoring with alerts for new CVEs
- 9 tools for scanning, checking, and managing projects
- Free tier available with 10 scans/day and 1 monitored project
Use cases of Vulnfeed
- Scan all lockfiles in a project directory to find known vulnerabilities
- Monitor a specific project continuously and receive alerts when new CVEs are published
- Look up detailed information about a specific CVE, including EPSS score and recommended fix version
- Check a single package for known vulnerabilities before adding it as a dependency
FAQ from Vulnfeed
What data sources does Vulnfeed use?
Vulnfeed queries the NVD (National Vulnerability Database) and GitHub Advisory Database for CVEs, and enriches results with EPSS scores from the Exploit Prediction Scoring System.
How is Vulnfeed different from other vulnerability scanners?
Vulnfeed uses EPSS scores to prioritize and filter noise, recommends exact fix versions from package registries, and offers continuous monitoring with no-signup free tier.
What transports does Vulnfeed support?
Vulnfeed supports stdio (for local installation) and SSE (for remote access).
Is authentication required to use Vulnfeed?
No signup is required for the free tier (10 scans/day, 1 monitored project). A paid subscription is available for unlimited scans and projects.
What are the limits on the free tier?
The free tier allows 10 scans per day and 1 monitored project.
More Other MCP servers
MCP Go 🚀
mark3labsA Go implementation of the Model Context Protocol (MCP), enabling seamless integration between LLM applications and external data sources and tools.

EverArt
modelcontextprotocolModel Context Protocol Servers
ICSS
chokcoco不止于 CSS
Awesome Mcp Servers
punkpeyeA collection of MCP servers.
Production-ready MCP integrations for AI applications
Klavis-AIKlavis AI: MCP integration platforms that let AI agents use tools reliably at any scale
Comments