cve-mcp
Verified Safe by JoaquimCassano
Overview
Provides a tool-based interface to search for and retrieve details about Common Vulnerabilities and Exposures (CVEs) from official sources.
Installation
python server.py
Security Notes
The code uses `cloudscraper` to bypass bot detection on `www.cve.org`, which, while not inherently malicious, is an aggressive technique that could lead to operational issues (e.g., IP bans or changes in scraping effectiveness). The `cve_id` is directly interpolated into a URL path in `gather_details` without explicit input validation, though the strict format of CVE IDs reduces the immediate risk of path traversal. Hardcoded user-agent and browser headers are used in network requests, which might require maintenance if external API detection methods change. No 'eval', obfuscation, hardcoded secrets, or other obvious malicious patterns were found. Pydantic models are used for robust data validation and parsing.
Similar Servers
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
nist-csf-2-mcp-server
A professional cybersecurity assessment backend API for NIST CSF 2.0, providing real-time dashboards and executive reporting capabilities.
pentestMCP
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.
osv-mcp
An MCP (Model Context Protocol) server that provides access to the OSV (Open Source Vulnerabilities) database for LLM-powered applications.