Dependency vulnerability monitoring MCP server — knows your lockfile, prioritizes by EPSS, recommends fix versions.
claude mcp add vulnfeed-mcp -- uvx vulnfeed-mcp{
"mcpServers": {
"vulnfeed-mcp": {
"command": "uvx",
"args": ["vulnfeed-mcp"]
}
}
}Resumen de MCP Servers
<!-- mcp-name: io.github.novadyne-hq/vulnfeed -->
# VulnFeed — Dependency Vulnerability Monitoring for Claude Code
[](https://github.com/novadyne-hq/vulnfeed-mcp/actions/workflows/ci.yml)
[](https://pypi.org/project/vulnfeed-mcp/)
[](LICENSE)
[](https://glama.ai/mcp/servers/novadyne-hq/vulnfeed-mcp)
An MCP server that scans your project dependencies for known vulnerabilities, enriches with EPSS exploit probability scores, and recommends fix versions.
**Free tier** — 10 scans/day, 1 monitored project, no signup required.
**Homepage:** [vulnfeed.novadyne.ai](https://vulnfeed.novadyne.ai)
## Install
```bash
uvx vulnfeed-mcp
```
### MCP client config
Add to your MCP client config (`~/.claude/settings.json` for Claude Code, `claude_desktop_config.json` for Claude Desktop):
**Free tier** (no signup, no API key):
```json
{
"mcpServers": {
"vulnfeed": {
"command": "uvx",
"args": ["vulnfeed-mcp"]
}
}
}
```
**Paid** ($14/mo, unlimited scans + projects):
```json
{
"mcpServers": {
"vulnfeed": {
"command": "uvx",
"args": ["vulnfeed-mcp"],
"env": {
"VULNFEED_API_KEY": "YOUR_LICENSE_KEY_HERE"
}
}
}
}
```
Get a license key at [vulnfeed.novadyne.ai](https://vulnfeed.novadyne.ai).
### x402 micropayments
VulnFeed also accepts [x402](https://x402.org) micropayments — AI agents can pay per scan with USDC on Base, no API key or signup needed. When the free tier limit is reached, the API returns HTTP 402 with payment requirements that x402-compatible clients handle automatically.
- $0.01 per scan
- $0.002 per CVE lookup
- $0.05 per project monitor setup
## Tools
### Scanning
| Tool | Description |
|------|-------------|
| `scan_project` | Auto-detect and scan all lockfiles in a directory |
| `scan_lockfile` | Scan a specific lockfile |
| `check_package` | Check a single package for vulnerabilities |
| `lookup_cve` | Detailed CVE info with EPSS + fix versions |
### Monitoring
| Tool | Description |
|------|-------------|
| `monitor_project` | Register for continuous monitoring |
| `check_alerts` | New vulns since last scan |
| `update_deps` | Update snapshot after upgrading packages |
| `list_monitored` | See all monitored projects |
| `unmonitor_project` | Remove from monitoring |
## Supported lockfiles
- `package-lock.json` (npm)
- `yarn.lock` (Yarn)
- `pnpm-lock.yaml` (pnpm)
- `requirements.txt` (pip)
- `Pipfile.lock` (Pipenv)
- `go.sum` / `go.mod` (Go)
- `Cargo.lock` (Rust)
- `Gemfile.lock` (Ruby)
- `composer.lock` (PHP)
## How it works
1. Parses your lockfile to extract dependency names + versions
2. Queries OSV.dev (NVD + GitHub Advisories) for known CVEs
3. Enriches with EPSS exploit probability scores
4. Filters noise — suppresses low-EPSS, non-critical CVEs by default
5. Sorts by exploitability — most likely to be exploited first
6. Returns fix version recommendations from package registries
### Smart filtering
By default, VulnFeed suppresses low-priority CVEs (EPSS < 10% AND CVSS < 9.0). This cuts noise by ~80%.
Pass `show_all=True` to any scan tool to see everything.
### Continuous monitoring
1. `monitor_project` — takes a baseline snapshot of current deps + known vulns
2. `check_alerts` — diffs against baseline, surfaces only new vulns
3. Run `check_alerts` periodically to catch newly published CVEs
## License
MIT
Lo que la gente pregunta sobre vulnfeed-mcp
¿Qué es novadyne-hq/vulnfeed-mcp?
+
novadyne-hq/vulnfeed-mcp es mcp servers para el ecosistema de Claude AI. Dependency vulnerability monitoring MCP server — knows your lockfile, prioritizes by EPSS, recommends fix versions. Tiene 0 estrellas en GitHub y se actualizó por última vez today.
¿Cómo se instala vulnfeed-mcp?
+
Puedes instalar vulnfeed-mcp clonando el repositorio (https://github.com/novadyne-hq/vulnfeed-mcp) o siguiendo las instrucciones del README en GitHub. ClaudeWave también te ofrece bloques de instalación rápida en esta misma página.
¿Es seguro usar novadyne-hq/vulnfeed-mcp?
+
novadyne-hq/vulnfeed-mcp aún no ha sido auditado por nuestro agente de seguridad. Revisa el repositorio original en GitHub antes de usarlo en producción.
¿Quién mantiene novadyne-hq/vulnfeed-mcp?
+
novadyne-hq/vulnfeed-mcp es mantenido por novadyne-hq. La última actividad registrada en GitHub es de today, con 0 issues abiertos.
¿Hay alternativas a vulnfeed-mcp?
+
Sí. En ClaudeWave puedes explorar mcp servers similares en /categories/mcp, ordenados por popularidad o actividad reciente.
Despliega vulnfeed-mcp en tu cloud
Lleva este repo a producción en minutos. Cada plataforma genera su propio entorno con variables de entorno editables.
¿Mantienes este repo? Añade un badge a tu README
Pega el badge en tu README de GitHub para mostrar que está auditado por ClaudeWave. Cada badge enlaza de vuelta a esta página y muestra el Trust Score actual.
[](https://claudewave.com/repo/novadyne-hq-vulnfeed-mcp)<a href="https://claudewave.com/repo/novadyne-hq-vulnfeed-mcp"><img src="https://claudewave.com/api/badge/novadyne-hq-vulnfeed-mcp" alt="Featured on ClaudeWave: novadyne-hq/vulnfeed-mcp" width="320" height="64" /></a>Más MCP Servers
Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
User-friendly AI Interface (Supports Ollama, OpenAI API, ...)
An open-source AI agent that brings the power of Gemini directly into your terminal.
The fastest path to AI-powered full stack observability, even for lean teams.
🕷️ An adaptive Web Scraping framework that handles everything from a single request to a full-scale crawl!
⭐AI-driven public opinion & trend monitor with multi-platform aggregation, RSS, and smart alerts.🎯 告别信息过载,你的 AI 舆情监控助手与热点筛选工具!聚合多平台热点 + RSS 订阅,支持关键词精准筛选。AI 智能筛选新闻 + AI 翻译 + AI 分析简报直推手机,也支持接入 MCP 架构,赋能 AI 自然语言对话分析、情感洞察与趋势预测等。支持 Docker ,数据本地/云端自持。集成微信/飞书/钉钉/Telegram/邮件/ntfy/bark/slack 等渠道智能推送。