MCP.so
登录

CIRCL CVE SEARCH MCP Server

@Cyreslab-AI

关于 CIRCL CVE SEARCH MCP Server

MCP server for CIRCL CVE Search API with intelligent risk assessment and comprehensive vulnerability analysis.

基本信息

分类

开发工具

许可证

MIT license

运行时

node

传输方式

stdio

发布者

Cyreslab-AI

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "circl-cve-search": {
      "command": "npx",
      "args": [
        "@cyreslab/circl-cve-search-mcp-server"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is CIRCL CVE SEARCH MCP Server?

The CIRCL CVE SEARCH MCP Server is a Model Context Protocol (MCP) server for accessing the CIRCL CVE SEARCH API. It provides comprehensive vulnerability and security information, making it suitable for security researchers and developers who need to query CVE, CWE, and CAPEC data programmatically.

How to use CIRCL CVE SEARCH MCP Server?

Install the package via npm and add it to your MCP client configuration using the command npx @cyreslab/circl-cve-search-mcp-server. The server exposes four tools: get_cve, browse_vendor, get_cwe, and get_capec, each with specific parameters for querying vulnerability data.

Key features of CIRCL CVE SEARCH MCP Server

  • Access detailed CVE information by ID.
  • Browse CVEs by vendor name.
  • Retrieve Common Weakness Enumeration (CWE) data.
  • Retrieve Common Attack Pattern Enumeration (CAPEC) data.
  • Automatic retry with exponential backoff for reliability.
  • Structured, readable response formatting.

Use cases of CIRCL CVE SEARCH MCP Server

  • Investigate a specific vulnerability by its CVE ID to understand impact and references.
  • Audit a vendor’s product security by browsing all CVEs associated with that vendor.
  • Classify vulnerabilities by weakness type using CWE data for reporting.
  • Study attack patterns via CAPEC data to improve threat modeling.
  • Integrate real-time CVE lookup into security automation pipelines.

FAQ from CIRCL CVE SEARCH MCP Server

What data sources does the server use?

The server uses the CIRCL CVE SEARCH API, which provides CVE data from the National Vulnerability Database (NVD), as well as CPE, CWE, and CAPEC data.

Does the API require authentication or have rate limits?

The CIRCL CVE SEARCH API is free to use and does not require authentication. Users should use it responsibly to avoid impacting the service.

What error conditions does the server handle?

The server handles invalid CVE/CWE/CAPEC ID formats, empty search queries, API rate limiting, network errors, and invalid parameters with clear, actionable error messages.

What tools are available and what parameters do they accept?

Available tools are get_cve (requires cve_id), browse_vendor (requires vendor, optional limit up to 50), get_cwe (requires cwe_id), and get_capec (requires capec_id).

评论

开发工具 分类下的更多 MCP 服务器