Loading...

Back to Database

VERIFIED

Cve Search

Safety: 85/100

0.0(0)

This MCP server provides access to CVE-Search API, enabling users to query vulnerability information, vendor/product details, and database statistics.

MCP ServersDevelopmentData & DatabasesSearch & WebAI & LLMSocial MediaUtilitiesFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Log in to purchase

Overview

This MCP server provides access to CVE-Search API, enabling users to query vulnerability information, vendor/product details, and database statistics.

This MCP server is generally safe due to its read-only nature and reliance on a well-established vulnerability database. Risks are primarily associated with the security and availability of the CVE-Search API itself. It is safe to use for querying vulnerability information but keep in mind the limitations of a third-party API.

Performance is dependent on the CVE-Search API's response times. Consider caching results if possible to reduce API calls.

There are no direct costs associated with this MCP server, but excessive API calls may be subject to rate limiting by CVE-Search.

CloudPython85 starsMIT

Connections & Capabilities

Connects To

GitHub

Capabilities

Read

Client Compatibility

Claude Desktop

full

Cursor

full

Windsurf

full

VS Code (Copilot)

full

Tools (6)

safe

get_vendors

Retrieves a JSON list of all vendors in the CVE database.

Read-only operation, no modification of data.

safe

get_products_by_vendor

Retrieves a JSON list of products associated with a specific vendor.

Read-only operation, no modification of data.

safe

get_vulnerabilities_by_vendor_product

Retrieves a JSON list of vulnerabilities for a specific vendor and product.

Read-only operation, no modification of data.

safe

get_cve_by_id

Retrieves a JSON representation of a specific CVE ID.

Read-only operation, no modification of data.

safe

get_last_30_cves

Retrieves a JSON list of the last 30 CVEs, including CAPEC, CWE, and CPE expansions.

Read-only operation, no modification of data.

safe

get_database_info

Retrieves a JSON with information about the current databases in use and when they were last updated.

Read-only operation, no modification of data.

Security

Auth Method

None

Data Locality

cloud

Known Risks

!Potential for CVE-Search API downtime.
!Risk of inaccurate or outdated information in the CVE database.
!Exposure to vulnerabilities if the CVE-Search API is compromised.

Safety Score

85

low risk

This MCP server is generally safe due to its read-only nature and reliance on a well-established vulnerability database. Risks are primarily associated with the security and availability of the CVE-Search API itself. It is safe to use for querying vulnerability information but keep in mind the limitations of a third-party API.

Positive

+Read-only access to CVE data.
+No write or delete operations.
+Queries are performed against a public API.
+No local execution of code.

Risks

-Reliance on the security of the CVE-Search API.
-Potential for information disclosure if the API is compromised.
-Rate limiting by the CVE-Search API could impact availability.

Use Cases

Vulnerability Management

-Identifying vulnerabilities affecting specific products.
-Prioritizing patching efforts based on CVE data.
-Tracking the latest vulnerabilities.

Security Research

-Analyzing vulnerability trends.
-Gathering information on specific CVEs.
-Identifying affected vendors and products.

Software Development

-Checking dependencies for known vulnerabilities.
-Ensuring software is not vulnerable to known exploits.
-Integrating vulnerability scanning into the development pipeline.

Who Is This For?

Best For

Security analysts
Software developers
Vulnerability researchers
Incident response teams

Not Ideal For

Automated patching systems
Environments requiring offline vulnerability data
Real-time vulnerability detection

Autonomy & Execution

Default ModeRead-only

Sandboxed

The server operates in read-only mode, limiting the scope for autonomous actions. Sandboxing is provided by the client environment.

StatelessYes

Retry LogicNot documented

ConcurrencySingle-threaded

Production Tip

Monitor the CVE-Search API for availability and rate limits to ensure consistent performance.

FAQ

What is CVE-Search?

CVE-Search is a vulnerability database that aggregates information from various sources, providing a comprehensive view of known vulnerabilities.

Is this MCP server free to use?

Yes, this MCP server is free to use, but it relies on the CVE-Search API, which may have its own usage policies.

How often is the CVE data updated?

The CVE data is updated regularly, but the frequency depends on the CVE-Search project. Use the `get_database_info` tool to check the last update time.

What kind of authentication is required?

No authentication is required to use this MCP server, as it accesses a public API.

Can I use this server to patch vulnerabilities?

No, this server only provides information about vulnerabilities. It does not have the capability to patch them.

What happens if the CVE-Search API is down?

If the CVE-Search API is unavailable, this MCP server will not be able to retrieve vulnerability information.

How can I contribute to this project?

You can contribute by submitting bug reports, feature requests, or pull requests on the GitHub repository.

Key Features

Development Data & Databases Search & Web AI & LLM Social Media Utilities

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Related Tools

Cve Search | AI Builder Hub Review & Alternatives | Flaex AI