Dependency vulnerability monitoring MCP server — knows your lockfile, prioritizes by EPSS, recommends fix versions.
```bash
claude mcp add vulnfeed-mcp -- uvx vulnfeed-mcp
```
```json
{
  "mcpServers": {
    "vulnfeed-mcp": {
      "command": "uvx",
      "args": ["vulnfeed-mcp"]
    }
  }
}
```
<!-- mcp-name: io.github.novadyne-hq/vulnfeed -->
# VulnFeed — Dependency Vulnerability Monitoring for Claude Code
An MCP server that scans your project dependencies for known vulnerabilities, enriches the findings with EPSS exploit probability scores, and recommends fix versions.
**Free tier** — 10 scans/day, 1 monitored project, no signup required.
**Homepage:** [vulnfeed.novadyne.ai](https://vulnfeed.novadyne.ai)
## Install
```bash
uvx vulnfeed-mcp
```
### MCP client config
Add to your MCP client config (`~/.claude/settings.json` for Claude Code, `claude_desktop_config.json` for Claude Desktop):
**Free tier** (no signup, no API key):
```json
{
"mcpServers": {
"vulnfeed": {
"command": "uvx",
"args": ["vulnfeed-mcp"]
}
}
}
```
**Paid** ($14/mo, unlimited scans + projects):
```json
{
"mcpServers": {
"vulnfeed": {
"command": "uvx",
"args": ["vulnfeed-mcp"],
"env": {
"VULNFEED_API_KEY": "YOUR_LICENSE_KEY_HERE"
}
}
}
}
```
Get a license key at [vulnfeed.novadyne.ai](https://vulnfeed.novadyne.ai).
### x402 micropayments
VulnFeed also accepts [x402](https://x402.org) micropayments — AI agents can pay per scan with USDC on Base, no API key or signup needed. When the free tier limit is reached, the API returns HTTP 402 with payment requirements that x402-compatible clients handle automatically.
- $0.01 per scan
- $0.002 per CVE lookup
- $0.05 per project monitor setup
## Tools
### Scanning
| Tool | Description |
|------|-------------|
| `scan_project` | Auto-detect and scan all lockfiles in a directory |
| `scan_lockfile` | Scan a specific lockfile |
| `check_package` | Check a single package for vulnerabilities |
| `lookup_cve` | Detailed CVE info with EPSS + fix versions |
### Monitoring
| Tool | Description |
|------|-------------|
| `monitor_project` | Register for continuous monitoring |
| `check_alerts` | New vulns since last scan |
| `update_deps` | Update snapshot after upgrading packages |
| `list_monitored` | See all monitored projects |
| `unmonitor_project` | Remove from monitoring |
## Supported lockfiles
- `package-lock.json` (npm)
- `yarn.lock` (Yarn)
- `pnpm-lock.yaml` (pnpm)
- `requirements.txt` (pip)
- `Pipfile.lock` (Pipenv)
- `go.sum` / `go.mod` (Go)
- `Cargo.lock` (Rust)
- `Gemfile.lock` (Ruby)
- `composer.lock` (PHP)
## How it works
1. Parses your lockfile to extract dependency names + versions
2. Queries OSV.dev (NVD + GitHub Advisories) for known CVEs
3. Enriches with EPSS exploit probability scores
4. Filters noise — suppresses low-EPSS, non-critical CVEs by default
5. Sorts by exploitability — most likely to be exploited first
6. Returns fix version recommendations from package registries
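Steps 1 and 2 for an npm project, as an added sketch that is not VulnFeed's own code: it extracts name/version pairs from a `package-lock.json` (lockfileVersion 2 or 3) and builds the request body for OSV.dev's batch query endpoint. The lockfile content is constructed, and the function names `parse_npm_lock` and `osv_batch_query` are hypothetical.

```python
import json

# Constructed package-lock.json (lockfileVersion 3) sample, not from the project.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.20"},
        "node_modules/@babel/core": {"version": "7.23.0", "dev": True},
        "node_modules/express/node_modules/qs": {"version": "6.5.2"},
        "node_modules/local-lib": {"resolved": "../local-lib", "link": True},
    },
})


def parse_npm_lock(text):
    """Return sorted unique (name, version) pairs from a v2/v3 package-lock.json."""
    packages = json.loads(text).get("packages", {})
    deps = set()
    for path, meta in packages.items():
        # Skip the root project (""), workspace folders, and symlinked
        # entries, none of which is a registry package with a pinned version.
        if "node_modules/" not in path or meta.get("link") or "version" not in meta:
            continue
        # Nested installs look like node_modules/a/node_modules/b; the package
        # name is whatever follows the last node_modules/ segment.
        name = path.rsplit("node_modules/", 1)[-1]
        deps.add((name, meta["version"]))
    return sorted(deps)


def osv_batch_query(deps, ecosystem="npm"):
    """Build the JSON body for POST https://api.osv.dev/v1/querybatch."""
    return {"queries": [
        {"package": {"name": name, "ecosystem": ecosystem}, "version": version}
        for name, version in deps
    ]}


if __name__ == "__main__":
    print(json.dumps(osv_batch_query(parse_npm_lock(SAMPLE_LOCK)), indent=2))
```

Nested and dev dependencies are included on purpose: a vulnerable transitive copy is still installed. The batch endpoint returns only vulnerability IDs per query, so full advisory details need a follow-up lookup per ID.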
### Smart filtering
By default, VulnFeed suppresses low-priority CVEs (EPSS < 10% AND CVSS < 9.0). This cuts noise by ~80%.
Pass `show_all=True` to any scan tool to see everything.
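The suppression rule and exploitability ordering described above, as an added example that is not VulnFeed's own code. The `Finding` type, the placeholder IDs, the CVSS tiebreak, and the handling of findings with no score (kept rather than suppressed, sorted last) are assumptions; EPSS is published per CVE, so advisories without a CVE alias arrive unscored.

```python
from dataclasses import dataclass
from typing import Optional

EPSS_FLOOR = 0.10     # page: suppress when EPSS < 10% ...
CVSS_CRITICAL = 9.0   # ... AND CVSS < 9.0


@dataclass
class Finding:
    package: str
    vuln_id: str
    epss: Optional[float]  # probability in [0, 1]; None when no EPSS score exists
    cvss: Optional[float]


# Constructed findings; the IDs are placeholders, not real advisories.
FINDINGS = [
    Finding("pkg-a", "CVE-0000-0001", 0.02, 5.3),  # low EPSS and low CVSS
    Finding("pkg-b", "CVE-0000-0002", 0.01, 9.8),  # critical CVSS keeps it
    Finding("pkg-c", "CVE-0000-0003", 0.45, 6.1),  # high EPSS keeps it
    Finding("pkg-d", "CVE-0000-0004", 0.10, 4.0),  # exactly 10% is not "< 10%"
    Finding("pkg-e", "CVE-0000-0005", None, 7.5),  # unscored
]


def is_suppressed(f):
    # Assumption: a missing score is not evidence of low risk, so an
    # unscored finding is never hidden by the default filter.
    if f.epss is None or f.cvss is None:
        return False
    return f.epss < EPSS_FLOOR and f.cvss < CVSS_CRITICAL


def triage(findings, show_all=False):
    """Apply the default filter, then order by EPSS descending."""
    kept = [f for f in findings if show_all or not is_suppressed(f)]
    # Unscored findings sort last; CVSS breaks ties between equal EPSS values.
    return sorted(
        kept,
        key=lambda f: (f.epss is None, -(f.epss or 0.0), -(f.cvss or 0.0)),
    )


if __name__ == "__main__":
    for f in triage(FINDINGS):
        print(f.vuln_id, f.package, f.epss, f.cvss)
```

Because the rule is a conjunction, a CVSS 9.8 finding with 1% EPSS stays visible but ranks below a CVSS 6.1 finding with 45% EPSS.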
### Continuous monitoring
1. `monitor_project` — takes a baseline snapshot of current deps + known vulns
2. `check_alerts` — diffs against baseline, surfaces only new vulns
3. Run `check_alerts` periodically to catch newly published CVEs
## License
MIT