nvd-cve-mcp-server

v1.0.2

MCP server for searching and retrieving CVE vulnerability information from NVD

NVD CVE MCP Server

A Model Context Protocol (MCP) server for retrieving and displaying CVE vulnerability information from the National Vulnerability Database (NVD). It uses two data sources: the NVD API first, with web scraping as a fallback.

✨ Features

  • 🔍 CVE Details Lookup: Retrieve complete vulnerability information by CVE ID
  • 🔎 Keyword Search: Search for CVE vulnerabilities by keywords
  • 📊 Formatted Output: Display vulnerability information in elegant Markdown format
  • 🔄 Dual Data Sources: API-first approach with web scraping as fallback
  • 🌐 Multi-language Support: Full support for both English and Chinese

📦 Installation

Prerequisites

  • Node.js >= 18.0.0
  • npm or yarn

Quick Start with npx (Recommended)

No installation required! Use directly with npx:

{
  "mcpServers": {
    "nvd-cve": {
      "command": "npx",
      "args": ["-y", "nvd-cve-mcp-server"]
    }
  }
}

Global Installation

npm install -g nvd-cve-mcp-server

Local Installation

npm install nvd-cve-mcp-server

🚀 Usage

1. Configure as MCP Server

Configure in Claude Desktop or other MCP-compatible applications:

macOS/Linux (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "nvd-cve": {
      "command": "npx",
      "args": ["-y", "nvd-cve-mcp-server"]
    }
  }
}

Windows (%APPDATA%\Claude\claude_desktop_config.json):

{
  "mcpServers": {
    "nvd-cve": {
      "command": "npx",
      "args": ["-y", "nvd-cve-mcp-server"]
    }
  }
}
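
The configurations above name the package without a version, so npx fetches whichever release the registry currently serves as latest, and -y skips the install prompt. The following audit is an added example, not part of the package: it flags such entries in a Claude Desktop style config so they can be pinned to an exact release (for instance the 1.0.2 shown on this page). The sample config and the entry name "nvd-cve-pinned" are constructed for illustration.

```javascript
// Added example, not the package's code: flag MCP entries that run an unpinned package via npx.
// Constructed sample; "nvd-cve-pinned" is a hypothetical entry name.
const sampleConfig = {
  mcpServers: {
    "nvd-cve": { command: "npx", args: ["-y", "nvd-cve-mcp-server"] },
    "nvd-cve-pinned": { command: "npx", args: ["-y", "nvd-cve-mcp-server@1.0.2"] },
  },
};

// Split an npm package spec into name and version, handling @scope/name@version.
function parseSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null }; // no "@", or only the scope "@"
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Exact semver only: ranges (^1.0.0), dist-tags (latest) and empty versions count as unpinned.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function findUnpinned(config) {
  const findings = [];
  for (const [server, entry] of Object.entries(config.mcpServers ?? {})) {
    if (!/^npx(\.cmd)?$/i.test(entry.command ?? "")) continue;
    // The first non-flag argument is the package npx will fetch and execute.
    const spec = (entry.args ?? []).find((a) => !a.startsWith("-"));
    if (!spec) continue;
    const { name, version } = parseSpec(spec);
    if (!version || !EXACT_VERSION.test(version)) {
      findings.push({ server, pkg: name, version: version ?? "(none)" });
    }
  }
  return findings;
}

console.log(JSON.stringify(findUnpinned(sampleConfig)));
```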

2. Direct Execution

npm start

🛠️ Available Tools

1. get_cve_details

Retrieve detailed information for a specific CVE.

Parameters:

  • cve_id (required): CVE ID in format CVE-YYYY-NNNNN

Example:

Get details for CVE-2025-13583

Output Format:

# CVE-2025-13583

## 📊 Basic Information

- **CVE ID**: CVE-2025-13583
- **CVSS Score**: 9.8
- **Severity**: CRITICAL
- **Published**: 2025-11-23
- **Last Modified**: 2025-11-26
- **CWE Type**: CWE-89

## 📝 Description

[Detailed vulnerability description]

## 🔗 References

1. [VulDB](https://vuldb.com/?id.333344)
2. [GitHub Issue](https://github.com/rassec2/dbcve/issues/6)

## 🌐 Official Links

- [NVD Details](https://nvd.nist.gov/vuln/detail/CVE-2025-13583)
- [CVE Record](https://cve.org/CVERecord?id=CVE-2025-13583)

2. search_cves

Search for CVE vulnerabilities by keyword.

Parameters:

  • keyword (required): Search keyword
  • limit (optional): Number of results to return (default: 10, max: 20)

Example:

Search for CVEs related to "SQL injection"
Search for "WordPress" vulnerabilities, limit to 5 results

Output Format:

# CVE Search Results: "SQL injection"

Found 10 related vulnerabilities

| CVE ID | Severity | CVSS | Published | Description |
|--------|----------|------|-----------|-------------|
| CVE-2025-13583 | CRITICAL | 9.8 | 2025-11-23 | A vulnerability has been found in code-projects... |
| CVE-2025-13582 | HIGH | 7.3 | 2025-11-23 | A vulnerability was found in code-projects... |

📋 Usage Examples

Using with Claude

  1. Query Specific CVE:

    Please help me query CVE-2025-13583 details
  2. Search Vulnerabilities:

    Search for recent SQL injection vulnerabilities
  3. Search by Product:

    Find WordPress-related CVE vulnerabilities

🔧 Technical Architecture

Data Sources

  1. NVD API (Primary)

    • Official REST API: https://services.nvd.nist.gov/rest/json/cves/2.0
    • Provides structured JSON data
    • Includes complete CVSS scores, CWE classifications, etc.
  2. NVD Web (Fallback)

    • Web scraping when API is unavailable
    • Uses Cheerio for HTML parsing
    • Extracts key vulnerability information

Core Dependencies

  • @modelcontextprotocol/sdk: MCP protocol implementation
  • axios: HTTP client
  • cheerio: HTML parser

📊 Data Format

CVE Details Object

{
  id: "CVE-2025-13583",
  description: "Vulnerability description...",
  cvssScore: 9.8,
  severity: "CRITICAL",
  published: "2025-11-23T10:15:03.000",
  lastModified: "2025-11-26T12:39:31.000",
  references: [
    {
      url: "https://example.com",
      source: "VulDB"
    }
  ],
  cweId: "CWE-89",
  source: "api" // or "web"
}
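
How a record from the NVD API 2.0 endpoint can be reduced to the object above, as an added example that is not the package's own code. The function names are hypothetical and the sample response is constructed and trimmed to the fields used. It covers two cases the flat object hides: records scored only under CVSS v2 (severity sits outside cvssData) and records with no score or no specific CWE yet.

```javascript
// Added example, not the package's code: map one NVD API 2.0 record to the README's object.
// Constructed sample, trimmed to the fields used; values mirror the README's sample output.
const sampleResponse = {
  vulnerabilities: [{
    cve: {
      id: "CVE-2025-13583",
      published: "2025-11-23T10:15:03.000",
      lastModified: "2025-11-26T12:39:31.000",
      descriptions: [{ lang: "en", value: "Vulnerability description..." }],
      metrics: {
        cvssMetricV31: [{ type: "Primary", cvssData: { baseScore: 9.8, baseSeverity: "CRITICAL" } }],
        cvssMetricV2: [{ type: "Secondary", baseSeverity: "HIGH", cvssData: { baseScore: 7.5 } }],
      },
      weaknesses: [{ description: [{ lang: "en", value: "CWE-89" }] }],
      references: [{ url: "https://example.com", source: "VulDB" }],
    },
  }],
};

// Prefer the newest CVSS version present, and a Primary assessment within it.
function pickCvss(metrics) {
  for (const key of ["cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2"]) {
    const list = metrics?.[key];
    if (!Array.isArray(list) || list.length === 0) continue;
    const m = list.find((x) => x.type === "Primary") ?? list[0];
    // CVSS v2 entries carry baseSeverity on the metric itself, v3 and later inside cvssData.
    return { cvssScore: m.cvssData?.baseScore ?? null,
             severity: m.cvssData?.baseSeverity ?? m.baseSeverity ?? null };
  }
  return { cvssScore: null, severity: null }; // record not scored yet
}

function toCveDetails(response) {
  const cve = response?.vulnerabilities?.[0]?.cve;
  if (!cve) return null; // empty result set: unknown or unpublished ID
  const cwe = (cve.weaknesses ?? []).flatMap((w) => w.description ?? [])
    .map((d) => d.value).find((v) => /^CWE-\d+$/.test(v)); // skips NVD-CWE-noinfo / NVD-CWE-Other
  return {
    id: cve.id,
    description: (cve.descriptions ?? []).find((d) => d.lang === "en")?.value ?? "",
    ...pickCvss(cve.metrics),
    published: cve.published,
    lastModified: cve.lastModified,
    references: (cve.references ?? []).map(({ url, source }) => ({ url, source })),
    cweId: cwe ?? null,
    source: "api",
  };
}
```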

⚠️ Important Notes

  1. API Rate Limits: The NVD API has rate limits; please use it responsibly
  2. Network Requirements: Requires access to nvd.nist.gov
  3. Data Freshness: CVE information is updated regularly; check for the latest data
  4. Format Validation: CVE ID must follow CVE-YYYY-NNNNN format
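
Tool arguments arrive from a model, so they are worth validating before they are placed in a request to nvd.nist.gov. The following is an added example, not the package's own code, of checks matching the parameters documented above. The function names and the 100-character keyword cap are assumptions, the ID pattern accepts four or more sequence digits (the general CVE ID syntax, of which the five-digit form shown here is one case), and cveId, keywordSearch and resultsPerPage are NVD API 2.0 query parameters.

```javascript
// Added example, not the package's code: validate tool arguments, then build NVD API URLs.
const NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"; // endpoint named in the README

// Anchored at both ends so nothing can precede or trail the ID; sequence part is 4+ digits.
const CVE_ID = /^CVE-\d{4}-\d{4,}$/;

function normalizeCveId(input) {
  if (typeof input !== "string") throw new TypeError("cve_id must be a string");
  const id = input.trim().toUpperCase();
  if (!CVE_ID.test(id)) throw new RangeError(`invalid CVE ID: ${JSON.stringify(input)}`);
  return id;
}

// README: limit is optional, default 10, max 20.
function normalizeLimit(input) {
  if (input === undefined || input === null) return 10;
  const n = Number(input);
  if (!Number.isInteger(n) || n < 1) throw new RangeError("limit must be a positive integer");
  return Math.min(n, 20);
}

function normalizeKeyword(input) {
  if (typeof input !== "string") throw new TypeError("keyword must be a string");
  const kw = input.replace(/\s+/g, " ").trim();
  // 100 is an assumed cap, not a documented limit.
  if (kw.length === 0 || kw.length > 100) throw new RangeError("keyword must be 1-100 characters");
  return kw;
}

// URLSearchParams percent-encodes values, so an argument cannot add or override query parameters.
function detailsUrl(cveId) {
  const url = new URL(NVD_API);
  url.searchParams.set("cveId", normalizeCveId(cveId));
  return url.toString();
}

function searchUrl(keyword, limit) {
  const url = new URL(NVD_API);
  url.searchParams.set("keywordSearch", normalizeKeyword(keyword));
  url.searchParams.set("resultsPerPage", String(normalizeLimit(limit)));
  return url.toString();
}
```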

🐛 Troubleshooting

Common Issues

  1. API Timeout

    • Check network connection
    • System will automatically switch to web scraping mode
  2. CVE Not Found

    • Verify CVE ID format is correct
    • Check if CVE has been published to NVD
  3. No Search Results

    • Try using more general keywords
    • Check spelling

📝 Development

Project Structure

nvd-cve-mcp-server/
├── src/
│   └── index.js          # Main server code
├── package.json          # Project configuration
└── README.md            # Documentation

Local Development

# Development mode (auto-restart)
npm run dev

# Production mode
npm start

🤝 Contributing

Issues and Pull Requests are welcome!

📄 License

MIT License

👥 Author

SOCTeam.AI


Note: This tool is for security research and educational purposes only. Please comply with relevant laws, regulations, and ethical standards.