@scarlet-mesh/mcp-cve

v1.0.0

CVE MCP Server providing security vulnerability analysis and Red Hat CVE data

Red Hat CVE Information MCP Server

Overview

This MCP (Model Context Protocol) server, cve, provides comprehensive access to Red Hat's Common Vulnerabilities and Exposures (CVE) information through Red Hat's CSAF (Common Security Advisory Framework) feed. It enables AI tools and applications to retrieve detailed security vulnerability information, including severity ratings, affected products, remediation steps, and reference links.

Features

  • CVE Data Retrieval: Fetch detailed information for any CVE from Red Hat's security feed
  • Severity Assessment: Get CVSS v3 severity ratings (Critical, Important, Moderate, Low)
  • Affected Products: Identify which Red Hat products and versions are impacted by specific vulnerabilities
  • Remediation Information: Access detailed remediation steps and security patches
  • Rich HTML Summaries: Generate formatted HTML cards with comprehensive CVE information
  • Reference Links: Direct access to security advisories and additional documentation

Tools

The server provides the following MCP tools:

  • summarize-cve: Fetch and summarize a CVE from Red Hat's CSAF feed with detailed markdown formatting
  • get-cve-summary-html: Generate a rich HTML card-style summary with severity, products, links, and remediation info

Data Source

The server fetches CVE data from Red Hat's CSAF v2 VEX feed:

https://security.access.redhat.com/data/csaf/v2/vex/{year}/cve-{year}-{number}.json

This provides the most up-to-date and comprehensive security information directly from Red Hat's security team.

Setup

Prerequisites

  • Node.js
  • Internet connection (for accessing Red Hat's CSAF feed)
  • An MCP client (e.g., a compatible AI tool or application)

Installation

  1. Clone this repository or navigate to the cve package.

  2. Install the dependencies:

    npm install

Running the Server

  1. Start the server:

    npm start

    The server will listen for MCP requests via standard input/output.

Usage

To use the server, send MCP requests from a compatible client. Here are example requests for each tool:

  • Get CVE summary (Markdown format):

    {
      "tool_name": "summarize-cve",
      "input": {
        "cveId": "CVE-2024-53907"
      }
    }

  • Get CVE summary (HTML format):

    {
      "tool_name": "get-cve-summary-html",
      "input": {
        "cveId": "CVE-2024-53907"
      }
    }

CVE ID Format

The server accepts CVE IDs in the standard format: CVE-YYYY-NNNNN

Examples:

  • CVE-2024-53907
  • CVE-2023-12345
  • CVE-2022-67890

Refer to the MCP client documentation for instructions on sending requests and handling responses.
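
The cveId argument arrives from an MCP client and is interpolated into the feed URL shown under Data Source, so it should be matched against a strict pattern before any request is made. The following is an added example, not code from this package: parseCveId, buildVexUrl and classify are hypothetical names, and the pattern goes slightly beyond the CVE-YYYY-NNNNN form above by accepting any sequence number of four or more digits, which the CVE numbering scheme allows.

```javascript
// Added example, not the package's code; function names are hypothetical.
const FEED_BASE = 'https://security.access.redhat.com/data/csaf/v2/vex';

// Four-digit year, then four or more digits. Anchored at both ends so nothing
// can ride along after the number (slashes, dots, query strings).
const CVE_ID = /^CVE-(\d{4})-(\d{4,})$/;

function parseCveId(input) {
  if (typeof input !== 'string') {
    throw new TypeError('cveId must be a string');
  }
  const match = CVE_ID.exec(input.trim().toUpperCase());
  if (!match) {
    throw new RangeError('Invalid CVE ID; expected a form like CVE-2024-53907');
  }
  return { year: match[1], number: match[2] };
}

// Fill the {year} and {number} slots of the feed URL from validated parts only.
function buildVexUrl(input) {
  const { year, number } = parseCveId(input);
  const url = new URL(`${FEED_BASE}/${year}/cve-${year}-${number}.json`);
  // Defence in depth: the request must still target the feed host and path.
  if (url.origin !== new URL(FEED_BASE).origin || !url.pathname.startsWith('/data/csaf/v2/vex/')) {
    throw new Error('Refusing to fetch outside the CSAF VEX feed');
  }
  return url.href;
}

// Run a batch of candidate "cveId" values and report which ones are accepted.
function classify(inputs) {
  return inputs.map((input) => {
    try {
      return { input, ok: true, url: buildVexUrl(input) };
    } catch (err) {
      return { input, ok: false, error: err.message };
    }
  });
}

// Constructed inputs: two valid IDs, then three that must be rejected.
console.log(classify([
  'CVE-2024-53907',
  'cve-2023-12345',
  'CVE-2024-53907/../../../index',
  'CVE-24-1',
  42,
]));
```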

Response Formats

Markdown Summary

The summarize-cve tool provides comprehensive information in markdown format including:

  • Title: Full CVE title and description
  • Tracking ID: Internal Red Hat tracking identifier
  • Severity: CVSS v3 severity rating
  • Notes: Detailed vulnerability description and context
  • Affected Products: List of impacted Red Hat products and versions
  • References: Links to security advisories and additional resources

HTML Summary

The get-cve-summary-html tool generates a rich, styled HTML card featuring:

  • Color-coded severity indicators:
    • Critical: Red background
    • Important: Orange background
    • Moderate: Yellow background
    • Low: Blue background
  • Structured product listings
  • Formatted remediation steps
  • Clickable reference links
  • Professional card-style presentation

Severity Levels

The server recognizes the following CVSS v3 severity levels:

  • Critical: Immediate action required
  • Important: High priority patching needed
  • Moderate: Standard patching timeline
  • Low: Lower priority, patch when convenient

Supported CVE Years

The server can retrieve CVE information for any year that Red Hat has published CSAF data, typically covering:

  • Current year vulnerabilities
  • Historical CVEs from previous years
  • All Red Hat product security advisories

Error Handling

The server provides meaningful error messages for:

  • Invalid CVE format: Guidance on proper CVE ID formatting
  • CVE not found: Information when a CVE doesn't exist in Red Hat's feed
  • Network issues: Helpful messages for connectivity problems
  • Malformed responses: Graceful handling of API response issues
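
An HTML card built from feed JSON is only as safe as its escaping, and a malformed response should fail with a clear error rather than render a half-empty card. The sketch below is an added example, not this package's implementation: renderCard, escapeHtml and safeLinks are hypothetical names, the field names follow the CSAF 2.0 document layout, the colours are the ones listed under HTML Summary, and the sample document is constructed.

```javascript
// Added example, not the package's code; function names are hypothetical.
const SEVERITY_COLOR = new Map([
  ['critical', 'red'], ['important', 'orange'], ['moderate', 'yellow'], ['low', 'blue'],
]);

// Escape feed text before placing it in HTML text or attribute values.
function escapeHtml(value) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Keep only references whose URL parses and uses https.
function safeLinks(references) {
  return (Array.isArray(references) ? references : []).filter((ref) => {
    try { return new URL(ref.url).protocol === 'https:'; } catch { return false; }
  });
}

function renderCard(csaf) {
  const doc = csaf && csaf.document;
  if (!doc || typeof doc.title !== 'string' || !doc.tracking || typeof doc.tracking.id !== 'string') {
    throw new Error('Malformed CSAF response: document.title or document.tracking.id missing');
  }
  const severity = String((doc.aggregate_severity || {}).text || 'Unknown');
  const color = SEVERITY_COLOR.get(severity.toLowerCase()) || 'grey'; // grey fallback is this example's assumption
  const links = safeLinks(doc.references).map((ref) =>
    `<li><a href="${escapeHtml(ref.url)}" rel="noopener noreferrer">${escapeHtml(ref.summary || ref.url)}</a></li>`);
  return [
    `<div class="cve-card" style="background:${color}">`,
    `<h2>${escapeHtml(doc.tracking.id)}: ${escapeHtml(doc.title)}</h2>`,
    `<p>Severity: ${escapeHtml(severity)}</p>`,
    `<ul>${links.join('')}</ul>`,
    '</div>',
  ].join('\n');
}

// Constructed sample, not real feed data: markup in the title and a non-https link.
const SAMPLE = {
  document: {
    title: 'Constructed title with <script>alert(1)</script> markup',
    tracking: { id: 'CVE-2024-53907' },
    aggregate_severity: { text: 'Important' },
    references: [
      { summary: 'Advisory', url: 'https://example.com/advisory' },
      { summary: 'Bad link', url: 'javascript:alert(1)' },
    ],
  },
};

console.log(renderCard(SAMPLE));
```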

Security Context

This server provides access to public CVE information and does not require authentication. All CVE data retrieved is publicly available security information that Red Hat publishes as part of their commitment to transparency and security.