Search and audit CVEs by keyword, severity, CWE, CISA KEV status, and CPE via the NIST National Vulnerability Database. STDIO or Streamable HTTP.
- ✓ Open-source license (Apache-2.0)
- ✓ Actively maintained (<30d)
- ✓ Clear description
- ✓ Topics declared
```sh
git clone https://github.com/cyanheads/nist-nvd-mcp-server
```
```json
{
  "mcpServers": {
    "nist-nvd": {
      "command": "node",
      "args": ["/path/to/nist-nvd-mcp-server/dist/index.js"],
      "env": {
        "NVD_API_KEY": "<nvd_api_key>"
      }
    }
  }
}
```
<div align="center">
<h1>@cyanheads/nist-nvd-mcp-server</h1>
<p><b>Search and audit CVEs by keyword, severity, CWE, CISA KEV status, and CPE via the NIST National Vulnerability Database. STDIO or Streamable HTTP.</b>
<div>5 Tools • 1 Resource</div>
</p>
</div>
<div align="center">
**Public Hosted Server:** [https://nist-nvd.caseyjhand.com/mcp](https://nist-nvd.caseyjhand.com/mcp)
</div>
---
## Tools
Five tools for vulnerability research, CPE auditing, and change tracking against the NIST NVD API 2.0:
| Tool | Description |
|:-----|:------------|
| `nvd_search_cves` | Search CVEs by keyword, severity, CWE, date range, or CISA KEV status. |
| `nvd_get_cve` | Fetch one or more CVEs by ID — full CVSS scores, CWE, CPE configs, KEV fields, and references. |
| `nvd_search_cpes` | Search the NVD CPE dictionary by product keyword or partial match string. |
| `nvd_audit_cpe` | Find all CVEs affecting a specific product version by CPE name or virtual match string. |
| `nvd_get_cve_history` | Retrieve the change history for a CVE — score revisions, status transitions, and reference additions. |
### `nvd_search_cves`
The primary discovery tool for vulnerability surveillance and triage workflows.
- Full-text keyword search across CVE descriptions (AND-semantics across words)
- Severity filter by CVSS v2/v3/v4 label (LOW, MEDIUM, HIGH, CRITICAL)
- CWE weakness filter (e.g., `CWE-79`, `NVD-CWE-Other`)
- CISA KEV filter — limit results to known-exploited vulnerabilities
- Convenience date shorthands: `pubDays` and `lastModDays` for "last N days" queries
- Explicit ISO 8601 date range parameters (`pubStartDate`/`pubEndDate`, etc.) with 120-day max span
- Auto-clamps convenience date params that exceed 120 days and reports clamped values in `queryMeta`
- Pagination via `limit` (up to 2000) and `offset`
- Results are always brief; call `nvd_get_cve` for full detail
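The 120-day handling described above, as an added example that is not part of the project's code: a "last N days" shorthand is clamped and the clamp is reported, an explicit range over the limit is rejected, and a longer period is split into consecutive windows (a generalization beyond what the README states). Function names and the `clamped` shape are hypothetical.

```typescript
// Added illustration; function names and the `clamped` shape are hypothetical.
const MAX_SPAN_DAYS = 120; // maximum date-range span stated on this page
const DAY_MS = 86_400_000;

interface DateWindow {
  start: string; // ISO 8601, UTC
  end: string;
  clamped: { requestedDays: number; appliedDays: number } | null;
}

// "Last N days" shorthand -> explicit range, clamped to 120 days and reported.
function fromDays(days: number, now: Date): DateWindow {
  if (!Number.isInteger(days) || days < 1) throw new RangeError("days must be a positive integer");
  const applied = Math.min(days, MAX_SPAN_DAYS);
  return {
    start: new Date(now.getTime() - applied * DAY_MS).toISOString(),
    end: now.toISOString(),
    clamped: applied < days ? { requestedDays: days, appliedDays: applied } : null,
  };
}

// Explicit range: parseable, ordered, and no wider than the maximum span.
function fromExplicit(start: string, end: string): DateWindow {
  const s = Date.parse(start);
  const e = Date.parse(end);
  if (Number.isNaN(s) || Number.isNaN(e)) throw new RangeError("dates must be ISO 8601");
  if (e < s) throw new RangeError("end precedes start");
  if (e - s > MAX_SPAN_DAYS * DAY_MS) throw new RangeError("span exceeds 120 days");
  return { start: new Date(s).toISOString(), end: new Date(e).toISOString(), clamped: null };
}

// Cover a longer period with consecutive windows, oldest first. Adjacent
// windows share a boundary instant, so de-duplicate results by CVE ID.
function splitIntoWindows(start: string, end: string): DateWindow[] {
  const s = Date.parse(start);
  const e = Date.parse(end);
  if (Number.isNaN(s) || Number.isNaN(e) || e < s) throw new RangeError("invalid range");
  const windows: DateWindow[] = [];
  for (let from = s; from < e; from += MAX_SPAN_DAYS * DAY_MS) {
    const to = Math.min(from + MAX_SPAN_DAYS * DAY_MS, e);
    windows.push(fromExplicit(new Date(from).toISOString(), new Date(to).toISOString()));
  }
  return windows;
}
```

A caller that sees a non-null `clamped` value knows the result set covers less time than it asked for and can fall back to windowed queries.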
---
### `nvd_get_cve`
Fetch one or more CVEs by ID with full detail or brief summaries.
- Batch up to 100 CVE IDs per call
- Full mode: all CVSS scores across v2.0, v3.0, v3.1, and v4.0; CWE weaknesses; CPE configurations; CISA KEV fields; references
- Brief mode (`brief: true`): ID, status, top severity, KEV name — recommended for batches larger than 10
- `includeReferences: false` to strip the references array and reduce response size
- Per-ID parity check: `queryMeta.missingIds` lists any requested IDs NVD didn't return
---
### `nvd_search_cpes`
Look up product identifiers before auditing.
- Keyword search (e.g., `"apache http server"`, `"openssl"`) or partial CPEv2.3 pattern
- Returns full CPE name, human-readable title, deprecation status, and superseding CPEs
- Pagination up to 10,000 entries — narrow the keyword when `totalResults > returned`
- Use this before `nvd_audit_cpe` — CPE names are arcane strings; guessing audits the wrong product
---
### `nvd_audit_cpe`
Full CVE audit for a specific product version.
- Two modes: exact `cpeName` (NVD auto-applies `isVulnerable`) or `virtualMatchString` with optional version range bounds
- Version range via `versionStart`/`versionEnd` with inclusive/exclusive type control
- Client-side severity filter (`severityMin`) to strip low-signal entries
- Returns full CVE records (ID, CVSS scores, CWE, CPE configurations, KEV fields, references)
- Echoes the CPE identifier used in `queryMeta` so callers can verify the correct product was queried
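One way to act on the echoed identifier, as an added example that is not the project's code: parse the CPE 2.3 string sent and the one echoed back, then confirm both name the same part, vendor and product before trusting the audit. The function names, the mode-selection rule and the sample CPE strings are assumptions constructed for illustration.

```typescript
// Added illustration; all names here are hypothetical, not the server's API.
interface Cpe { part: string; vendor: string; product: string; version: string }

// Split on ":" but keep backslash-escaped characters (e.g. "\:") inside a field.
function splitCpe(cpe: string): string[] {
  const fields: string[] = [];
  let cur = "";
  for (let i = 0; i < cpe.length; i++) {
    const ch = cpe.charAt(i);
    if (ch === "\\" && i + 1 < cpe.length) {
      cur += ch + cpe.charAt(++i);
    } else if (ch === ":") {
      fields.push(cur);
      cur = "";
    } else {
      cur += ch;
    }
  }
  fields.push(cur);
  return fields;
}

// CPE 2.3 formatted strings have 13 fields: cpe, 2.3, part, vendor, product,
// version, then seven further attributes.
function parseCpe(cpe: string): Cpe {
  const f = splitCpe(cpe.trim().toLowerCase());
  const [scheme = "", spec = "", part = "", vendor = "", product = "", version = ""] = f;
  if (f.length !== 13 || scheme !== "cpe" || spec !== "2.3") {
    throw new Error(`not a CPE 2.3 formatted string: ${cpe}`);
  }
  if (!["a", "o", "h", "*"].includes(part)) throw new Error(`bad part: ${part}`);
  return { part, vendor, product, version };
}

// Assumed rule: any unescaped wildcard in the leading fields means the string
// is a pattern (virtualMatchString) rather than one exact product version.
function auditMode(cpe: string): "cpeName" | "virtualMatchString" {
  const c = parseCpe(cpe);
  const wild = [c.part, c.vendor, c.product, c.version].some((v) => /(^|[^\\])[*?]/.test(v));
  return wild ? "virtualMatchString" : "cpeName";
}

// True when the echoed identifier names the same part, vendor and product.
function sameProduct(requested: string, echoed: string): boolean {
  const a = parseCpe(requested);
  const b = parseCpe(echoed);
  return a.part === b.part && a.vendor === b.vendor && a.product === b.product;
}
```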
---
### `nvd_get_cve_history`
Track a CVE's lifecycle over time.
- Returns change events in reverse-chronological order: CVSS revisions, status transitions, reference additions, CPE configuration updates
- Paginated via `limit` and `offset`
- Note: the NVD history endpoint is significantly slower without an API key — set `NVD_API_KEY` and raise `NVD_REQUEST_TIMEOUT_MS` for reliable operation
## Resource
| Type | Name | Description |
|:-----|:-----|:------------|
| Resource | `nvd://cve/{cveId}` | Full CVE record by ID — same data as `nvd_get_cve` for a single ID, as a stable URI for injectable context. |
All resource data is also reachable via tools.
## Features
Built on [`@cyanheads/mcp-ts-core`](https://www.npmjs.com/package/@cyanheads/mcp-ts-core):
- Declarative tool, resource, and prompt definitions — single file per primitive, framework handles registration and validation
- Unified error handling — handlers throw, framework catches, classifies, and formats
- Pluggable auth: `none`, `jwt`, `oauth`
- Swappable storage backends: `in-memory`, `filesystem`, `Supabase`, `Cloudflare KV/R2/D1`
- Structured logging with optional OpenTelemetry tracing
- STDIO and Streamable HTTP transports
NVD-specific:
- Token-bucket rate limiter enforces NVD's 5 req/30s (no key) and 50 req/30s (with key) limits with automatic queuing
- Sliding-window minimum inter-request gap derived from the window and limit — no burst, no 403s
- Automatic retry with backoff via `withRetry`; parses `Retry-After` header on 403 responses
- HTML-response guard catches NVD rate-limit pages served as HTML instead of 403
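The spacing arithmetic behind these limits, as an added example rather than the server's implementation: the minimum gap is the window divided by the limit (6000 ms without a key, 600 ms with one), and a burst spaced this way never exceeds the limit in any 30-second window. It also shows the two throttling signals named above. All function names are hypothetical and the burst scenario is constructed.

```typescript
// Added illustration; function names are hypothetical, not the server's API.
const WINDOW_MS = 30_000; // NVD's rate-limit window as stated on this page

// 5 req/30s without a key -> 6000 ms gap; 50 req/30s with a key -> 600 ms.
function minGapMs(hasApiKey: boolean): number {
  return WINDOW_MS / (hasApiKey ? 50 : 5);
}

// Returns reserve(now): books the next free send slot and returns how many
// milliseconds the caller must wait before sending.
function createLimiter(hasApiKey: boolean): (nowMs: number) => number {
  const gap = minGapMs(hasApiKey);
  let nextSlot = 0;
  return (nowMs: number): number => {
    const sendAt = Math.max(nowMs, nextSlot);
    nextSlot = sendAt + gap;
    return sendAt - nowMs;
  };
}

// Largest number of sends inside any half-open 30-second window.
function maxPerWindow(sendTimes: number[]): number {
  let worst = 0;
  for (const start of sendTimes) {
    const n = sendTimes.filter((t) => t >= start && t < start + WINDOW_MS).length;
    worst = Math.max(worst, n);
  }
  return worst;
}

// Retry-After is either delta-seconds or an HTTP-date (RFC 9110).
function retryAfterMs(header: string | null, nowMs: number): number | null {
  if (header === null || header.trim() === "") return null;
  const value = header.trim();
  if (/^\d+$/.test(value)) return Number(value) * 1000;
  const when = Date.parse(value);
  return Number.isNaN(when) ? null : Math.max(0, when - nowMs);
}

// A JSON API answering with HTML is treated as throttling, whatever the status.
function isThrottled(status: number, contentType: string): boolean {
  return status === 403 || contentType.toLowerCase().includes("text/html");
}

// Constructed scenario: `count` requests all arrive at t=0, so each returned
// wait is also that request's send time.
function simulateBurst(count: number, hasApiKey: boolean): number[] {
  const reserve = createLimiter(hasApiKey);
  return Array.from({ length: count }, () => reserve(0));
}
```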
Agent-friendly output:
- `queryMeta` on every response — total results, returned count, page offset, and any date-clamping events so agents can reason about what was actually queried
- `missingIds` in batch CVE lookups — per-ID parity check instead of a silent partial result
- CPE echo in audit responses — `cpeName` or `virtualMatchString` reflected back so callers can verify the correct product was audited
## Getting started
Add the following to your MCP client configuration file.
```json
{
  "mcpServers": {
    "nist-nvd-mcp-server": {
      "type": "stdio",
      "command": "bunx",
      "args": ["@cyanheads/nist-nvd-mcp-server@latest"],
      "env": {
        "MCP_TRANSPORT_TYPE": "stdio",
        "MCP_LOG_LEVEL": "info",
        "NVD_API_KEY": "your-api-key"
      }
    }
  }
}
```
Or with npx (no Bun required):
```json
{
  "mcpServers": {
    "nist-nvd-mcp-server": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@cyanheads/nist-nvd-mcp-server@latest"],
      "env": {
        "MCP_TRANSPORT_TYPE": "stdio",
        "MCP_LOG_LEVEL": "info",
        "NVD_API_KEY": "your-api-key"
      }
    }
  }
}
```
Or with Docker:
```json
{
  "mcpServers": {
    "nist-nvd-mcp-server": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-e", "MCP_TRANSPORT_TYPE=stdio",
        "-e", "NVD_API_KEY=your-api-key",
        "ghcr.io/cyanheads/nist-nvd-mcp-server:latest"
      ]
    }
  }
}
```
For Streamable HTTP, set the transport and start the server:
```sh
MCP_TRANSPORT_TYPE=http MCP_HTTP_PORT=3010 NVD_API_KEY=... bun run start:http
# Server listens at http://localhost:3010/mcp
```
### Prerequisites
- [Bun v1.3.0](https://bun.sh/) or higher (or Node.js v24+).
- Optional: [NVD API key](https://nvd.nist.gov/developers/request-an-api-key) — free, raises rate limit from 5 req/30s to 50 req/30s.
### Installation
1. **Clone the repository:**
```sh
git clone https://github.com/cyanheads/nist-nvd-mcp-server.git
```
2. **Navigate into the directory:**
```sh
cd nist-nvd-mcp-server
```
3. **Install dependencies:**
```sh
bun install
```
4. **Configure environment:**
```sh
cp .env.example .env
# edit .env and set NVD_API_KEY if you have one
```
## Configuration
| Variable | Description | Default |
|:---------|:------------|:--------|
| `NVD_API_KEY` | NVD API key. Without it, rate limit is 5 req/30s; with it, 50 req/30s. Get one free at [nvd.nist.gov/developers/request-an-api-key](https://nvd.nist.gov/developers/request-an-api-key). | — |
| `NVD_REQUEST_TIMEOUT_MS` | Per-request timeout in milliseconds. The history endpoint is slow without an API key — raise to 60000 if using `nvd_get_cve_history` without a key. | `10000` |
| `MCP_TRANSPORT_TYPE` | Transport: `stdio` or `http`. | `stdio` |
| `MCP_HTTP_PORT` | Port for HTTP server. | `3010` |
| `MCP_AUTH_MODE` | Auth mode: `none`, `jwt`, or `oauth`. | `none` |
| `MCP_LOG_LEVEL` | Log level (RFC 5424). | `info` |
| `LOGS_DIR` | D

What people ask about nist-nvd-mcp-server
What is cyanheads/nist-nvd-mcp-server?
cyanheads/nist-nvd-mcp-server is an MCP server for the Claude AI ecosystem. Search and audit CVEs by keyword, severity, CWE, CISA KEV status, and CPE via the NIST National Vulnerability Database. STDIO or Streamable HTTP. It has 1 GitHub star and was last updated today.
How do I install nist-nvd-mcp-server?
You can install nist-nvd-mcp-server by cloning the repository (https://github.com/cyanheads/nist-nvd-mcp-server) or following the README instructions on GitHub. ClaudeWave also provides quick install blocks on this page.
Is cyanheads/nist-nvd-mcp-server safe to use?
Our security agent has analyzed cyanheads/nist-nvd-mcp-server and assigned a Trust Score of 87/100 (tier: Trusted). See the full breakdown of passed checks and flags on this page.
Who maintains cyanheads/nist-nvd-mcp-server?
cyanheads/nist-nvd-mcp-server is maintained by cyanheads. The last recorded GitHub activity is from today, with 3 open issues.
Are there alternatives to nist-nvd-mcp-server?
Yes. On ClaudeWave you can browse similar MCP servers at /categories/mcp, sorted by popularity or recent activity.