Vulnfeed
@infai-tech
关于 Vulnfeed
An MCP server that scans your lockfiles (npm, PyPI, Go, Rust, Ruby, PHP) for known vulnerabilities, enriches with EPSS exploit probability scores, and recommends fix versions. $14/mo — not per-seat.
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"vulnfeed": {
"command": "uvx",
"args": [
"vulnfeed-mcp"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Vulnfeed?
Vulnfeed is an MCP server that monitors your project’s dependencies for security vulnerabilities, native to Claude Code. It reads lockfiles, queries the NVD and GitHub Advisory Database for known CVEs, enriches results with EPSS (Exploit Prediction Scoring System) scores, and recommends exact fix versions from package registries. It is intended for developers using Claude Code who want continuous dependency vulnerability tracking.
How to use Vulnfeed?
Vulnfeed is an MCP server that can be run locally (stdio transport) or remotely (SSE transport). After installation, it provides 9 tools for scanning lockfiles, checking individual packages, looking up CVEs, and managing continuous monitoring. The free tier requires no signup and allows 10 scans per day and 1 monitored project; paid subscriptions are available.
Key features of Vulnfeed
- Reads 9 lockfile formats (package-lock.json, requirements.txt, go.sum, Cargo.lock, etc.)
- Queries NVD and GitHub Advisory Database for known CVEs
- Enriches findings with Exploit Prediction Scoring System (EPSS) scores
- Recommends exact fix versions from package registries
- Supports continuous monitoring with alerts for new CVEs
- 9 tools for scanning, checking, and managing projects
- Free tier available with 10 scans/day and 1 monitored project
Use cases of Vulnfeed
- Scan all lockfiles in a project directory to find known vulnerabilities
- Monitor a specific project continuously and receive alerts when new CVEs are published
- Look up detailed information about a specific CVE, including EPSS score and recommended fix version
- Check a single package for known vulnerabilities before adding it as a dependency
FAQ from Vulnfeed
What data sources does Vulnfeed use?
Vulnfeed queries the NVD (National Vulnerability Database) and GitHub Advisory Database for CVEs, and enriches results with EPSS scores from the Exploit Prediction Scoring System.
How is Vulnfeed different from other vulnerability scanners?
Vulnfeed uses EPSS scores to prioritize and filter noise, recommends exact fix versions from package registries, and offers continuous monitoring with no-signup free tier.
What transports does Vulnfeed support?
Vulnfeed supports stdio (for local installation) and SSE (for remote access).
Is authentication required to use Vulnfeed?
No signup is required for the free tier (10 scans/day, 1 monitored project). A paid subscription is available for unlimited scans and projects.
What are the limits on the free tier?
The free tier allows 10 scans per day and 1 monitored project.
其他 分类下的更多 MCP 服务器
FastMCP v2 🚀
jlowin🚀 The fast, Pythonic way to build MCP servers and clients.
Maestro
mobile-dev-incPainless E2E Automation for Mobile and Web

Sequential Thinking
modelcontextprotocolModel Context Protocol Servers
MCP Toolbox for Databases
googleapisMCP Toolbox for Databases is an open source MCP server for databases.
Inbox Zero AI MCP
elie222The world's best AI personal assistant for email. Open source app to help you reach inbox zero fast.
评论