Vuln nist mcp server

Vuln nist mcp server

This MCP server exposes tools to query the NVD/CVE REST API and return formatted text results suitable for LLM consumption via the MCP protocol. It includes automatic query chunking for large date ranges and parallel processing for improved performance.

556

6 Tools

Packaged by

Add to Docker Desktop

Version 4.43 or later needs to be installed to add the server automatically

Overview Tools (6)Manual installation

Docker Hub⁠Github repository⁠

Use cases

Retrieve change history for a CVE or a time window. If no cve_id is provided and the date range exceeds 120 days, the query is split into multiple chunks (max 120 days each) and results aggregated.

List CVEs associated with a specific CPE

Retrieve a CVE by its CVE-ID

Get current date and temporal context when it needed. **USAGE**: Call this tool FIRST when user asks for time-relative question like "this year", "last year", "6 months ago", etc. Returns current date context and examples for constructing specific date parameters.

List CVEs added to CISA KEV catalog in a date window. If the requested window exceeds 90 days, the query is automatically split into multiple chunks (max 90 days each) and results are aggregated.

Search CVEs by keyword in description, with flexible time filtering. **IMPORTANT**: For time-relative queries (this year, last year, etc.), call get_temporal_context() FIRST to get current date information. **Date filtering logic (in priority order):** - If start_date and end_date are provided → use them directly - Else if last_days is provided → calculate start_date = now - last_days - Else fallback to last 30 days **Technical notes:** - If the time period > 120 days, queries are split into 120-day chunks - start_date, end_date: Use ISO 8601 format: "YYYY-MM-DDTHH:MM:SS" - recent_days parameter is deprecated, use last_days instead.

About

Vuln nist mcp server MCP Server

This MCP server exposes tools to query the NVD/CVE REST API and return formatted text results suitable for LLM consumption via the MCP protocol. It includes automatic query chunking for large date ranges and parallel processing for improved performance.

What is an MCP Server?⁠

Characteristics

Attribute	Details
Docker Image	mcp/vuln-nist-mcp-server⁠
Author	HaroldFinchIFT⁠
Repository	https://github.com/HaroldFinchIFT/vuln-nist-mcp-server⁠
Dockerfile	https://github.com/HaroldFinchIFT/vuln-nist-mcp-server/blob/main/Dockerfile⁠
Docker Image built by	Docker Inc.
Docker Scout Health Score
Verify Signature	`COSIGN_REPOSITORY=mcp/signatures cosign verify mcp/vuln-nist-mcp-server --key https://raw.githubusercontent.com/docker/keyring/refs/heads/main/public/mcp/latest.pub`
Licence	MIT License

Available Tools (6)

Tools provided by this Server	Short Description
`cve_change_history`	Retrieve change history for a CVE or a time window.
`cves_by_cpe`	List CVEs associated with a specific CPE
`get_cve_by_id`	Retrieve a CVE by its CVE-ID
`get_temporal_context`	Get current date and temporal context when it needed.
`kevs_between`	List CVEs added to CISA KEV catalog in a date window.
`search_cves`	Search CVEs by keyword in description, with flexible time filtering.

Tools Details

Tool: `cve_change_history`

Retrieve change history for a CVE or a time window. If no cve_id is provided and the date range exceeds 120 days, the query is split into multiple chunks (max 120 days each) and results aggregated.

Parameters	Type	Description
`changeEndDate`	`string`optional
`changeStartDate`	`string`optional
`cve_id`	`string`optional
`resultsPerPage`	`string`optional
`startIndex`	`string`optional

Tool: `cves_by_cpe`

List CVEs associated with a specific CPE

Parameters	Type	Description
`cpe_name`	`string`optional
`is_vulnerable`	`string`optional

Tool: `get_cve_by_id`

Retrieve a CVE by its CVE-ID

Parameters	Type	Description
`cve_id`	`string`optional

Tool: `get_temporal_context`

Get current date and temporal context when it needed.

**USAGE**: Call this tool FIRST when user asks for time-relative question like "this year", "last year", "6 months ago", etc.

Returns current date context and examples for constructing specific date parameters.

Tool: `kevs_between`

List CVEs added to CISA KEV catalog in a date window. If the requested window exceeds 90 days, the query is automatically split into multiple chunks (max 90 days each) and results are aggregated.

Parameters	Type	Description
`kevEndDate`	`string`optional
`kevStartDate`	`string`optional
`resultsPerPage`	`string`optional
`startIndex`	`string`optional

Tool: `search_cves`

Search CVEs by keyword in description, with flexible time filtering.

**IMPORTANT**: For time-relative queries (this year, last year, etc.), call get_temporal_context() FIRST to get current date information.

**Date filtering logic (in priority order):**
- If start_date and end_date are provided → use them directly
- Else if last_days is provided → calculate start_date = now - last_days
- Else fallback to last 30 days

**Technical notes:**
- If the time period > 120 days, queries are split into 120-day chunks
- start_date, end_date: Use ISO 8601 format: "YYYY-MM-DDTHH:MM:SS"
- recent_days parameter is deprecated, use last_days instead.

Parameters	Type	Description
`end_date`	`string`optional
`keyword`	`string`optional
`last_days`	`string`optional
`recent_days`	`string`optional
`resultsPerPage`	`integer`optional
`startIndex`	`integer`optional
`start_date`	`string`optional

Use this MCP Server

{
  "mcpServers": {
    "vuln-nist-mcp-server": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "mcp/vuln-nist-mcp-server"
      ]
    }
  }
}

Why is it safer to run MCP Servers with Docker?⁠

Manual installation

You can install the MCP server using:

Installation for

Related servers