cve-mcp-server
Verified Safeby davidculver
Overview
Provides conversational access to a local, containerized CVE (Common Vulnerabilities and Exposures) database via Model Context Protocol (MCP).
Installation
sudo docker exec -i cve-mcp-server python -m src.mcp_serverEnvironment Variables
- CVE_REPO_URL
- CVE_REPO_PATH
- CVE_GITHUB_API_BASE
- CVE_DB_PATH
Security Notes
The server is designed for local-only use with stdio transport, minimizing network attack surface. It uses parameterized queries for SQLite operations to prevent SQL injection. Configuration (e.g., repository URLs) is loaded from environment variables, preventing hardcoded secrets. The data ingestion process uses `subprocess.run` for `git clone` from a trusted public repository (CVEProject/cvelistV5) for bulk data loading, which is a controlled external execution. The project is explicitly marked as a 'PROTOTYPE' and mentions future network access (SSE transport) would introduce new security considerations, but currently, it operates locally via stdio.
Similar Servers
awesome-mcp-servers
A comprehensive directory for discovering various Model Context Protocol (MCP) servers, clients, and frameworks across different domains, facilitating integration with AI assistants.
zenfeed
An AI-powered information hub that acts as an intelligent RSS reader, real-time news knowledge base, and personal assistant for monitoring events and delivering analysis reports.
mcp-server-infranodus
Integrates InfraNodus knowledge graph and text network analysis capabilities into LLM workflows and AI assistants for generating knowledge graphs, detecting content gaps, identifying topics, and performing SEO analysis.
mcp-dblp
Provides a Model Context Protocol (MCP) server for Large Language Models (LLMs) to access, search, and manage publications and BibTeX entries from the DBLP computer science bibliography database.