Nist Nvd Mcp Server
What is Nist Nvd Mcp Server
nist-nvd-mcp-server is a comprehensive Model Context Protocol (MCP) server that provides access to the NIST National Vulnerability Database (NVD) API. It allows AI agents to search, retrieve, and analyze vulnerability data from the authoritative U.S. government repository.
Use cases
Use cases include automated vulnerability scanning, integration with security information and event management (SIEM) systems, and supporting AI-driven security solutions for real-time vulnerability analysis and reporting.
How to use
To use nist-nvd-mcp-server, install it via npm with ‘npm install @cyreslab/nist-nvd-mcp-server’ or clone the repository and build it locally. Run the server using ‘npm start’ or in development mode with ‘npm run dev’. Integrate it with your MCP client by adding the server configuration in JSON format.
Key features
Key features include advanced CVE search and retrieval, CPE-based searches, CVSS analysis, change history tracking, high-priority detection, intelligent caching, rate limiting, error handling, data validation, and rich formatting of JSON responses.
Where to use
nist-nvd-mcp-server can be used in cybersecurity, vulnerability management, and risk assessment fields, providing essential data for organizations to manage and mitigate vulnerabilities effectively.
NIST NVD MCP Server
A comprehensive Model Context Protocol (MCP) server providing access to the NIST National Vulnerability Database (NVD) API. This server enables AI agents to search, retrieve, and analyze vulnerability data from the authoritative U.S. government repository of standards-based vulnerability management data.
Features
Core Capabilities
- CVE Search & Retrieval: Advanced search with keyword, date, severity, and CWE filtering
- CPE-Based Searches: Find vulnerabilities affecting specific products and versions
- CVSS Analysis: Filter by CVSS v2/v3/v4 scores and severity ratings
- Change History Tracking: Monitor CVE modifications and analysis updates
- High-Priority Detection: Automated discovery of CISA KEV, CERT alerts, and critical CVEs
- Comprehensive Filtering: Date ranges, rejection status, source identifiers, and more
Advanced Features
- Intelligent Caching: 5-minute TTL with automatic cleanup
- Rate Limiting: Built-in retry logic with exponential backoff
- Error Handling: Comprehensive HTTP error handling and user-friendly messages
- Data Validation: NIST API compliance with proper date range enforcement (120-day max)
- Rich Formatting: Enhanced JSON responses with security metrics extraction
Installation
npm install @cyreslab/nist-nvd-mcp-server
Or clone and build locally:
git clone https://github.com/cyreslab/nist-nvd-mcp-server.git
cd nist-nvd-mcp-server
npm install
npm run build
Quick Start
Basic Usage
# Run the server
npm start
# Or run in development mode
npm run dev
Integration with AI Agents
Add to your MCP client configuration:
{
  "servers": {
    "nist-nvd": {
      "command": "node",
      "args": [
        "/path/to/nist-nvd-mcp-server/build/index.js"
      ]
    }
  }
}
Available Tools
1. search_cves
Search CVEs with comprehensive filtering options.
Parameters:
- keywordSearch (string): Search terms in CVE descriptions
- keywordExactMatch (boolean): Exact phrase matching
- cvssV3Severity (enum): LOW, MEDIUM, HIGH, CRITICAL
- cvssV2Severity (enum): LOW, MEDIUM, HIGH
- cweId (string): Common Weakness Enumeration ID (e.g., “CWE-79”)
- hasKev (boolean): CISA Known Exploited Vulnerabilities only
- hasCertAlerts (boolean): US-CERT Technical Alerts only
- hasCertNotes (boolean): CERT/CC Vulnerability Notes only
- noRejected (boolean): Exclude rejected CVEs
- pubStartDate/pubEndDate (string): Publication date range (ISO-8601)
- lastModStartDate/lastModEndDate (string): Modification date range
- resultsPerPage (number): 1-2000, default 20
- startIndex (number): Pagination offset
Example:
{
  "keywordSearch": "remote code execution",
  "cvssV3Severity": "CRITICAL",
  "hasKev": true,
  "resultsPerPage": 10
}
2. get_cve
Retrieve detailed information about a specific CVE.
Parameters:
- cveId (string, required): CVE identifier (e.g., “CVE-2021-44228”)
Example:
{
  "cveId": "CVE-2021-44228"
}
3. search_cves_by_cpe
Find CVEs affecting specific products using CPE.
Parameters:
- cpeName (string): Full CPE name
- virtualMatchString (string): CPE match string for broader searches
- isVulnerable (boolean): Only return vulnerable configurations
- versionStart/versionEnd (string): Version range filtering
- versionStartType/versionEndType (enum): “including” or “excluding”
Example:
{
  "virtualMatchString": "cpe:2.3:a:apache:log4j",
  "versionStart": "2.0",
  "versionStartType": "including",
  "versionEnd": "2.15.0",
  "versionEndType": "excluding"
}
4. search_cves_by_cvss
Search CVEs by CVSS vector strings and severity.
Parameters:
- cvssV3Metrics (string): CVSSv3 vector string
- cvssV3Severity (enum): LOW, MEDIUM, HIGH, CRITICAL
- cvssV2Metrics (string): CVSSv2 vector string
- cvssV2Severity (enum): LOW, MEDIUM, HIGH
- cvssV4Metrics (string): CVSSv4 vector string (experimental)
Example:
{
  "cvssV3Severity": "CRITICAL"
}
5. search_recent_cves
Get recently published CVEs.
Parameters:
- days (number): Days back from today (1-120)
- pubStartDate/pubEndDate (string): Custom date range
- resultsPerPage (number): Default 50
Example:
{
  "days": 7,
  "resultsPerPage": 25
}
6. search_modified_cves
Get recently modified CVEs.
Parameters:
- days (number): Days back from today (1-120)
- lastModStartDate/lastModEndDate (string): Custom date range
Example:
{
  "days": 3
}
7. get_cve_change_history
Track CVE modification history.
Parameters:
- cveId (string): Specific CVE to track
- changeStartDate/changeEndDate (string): Date range for changes
- eventName (enum): Filter by event type:
  - “CVE Received”, “Initial Analysis”, “Reanalysis”
  - “CVE Modified”, “Modified Analysis”, “CVE Translated”
  - “Vendor Comment”, “CVE Source Update”
  - “CPE Deprecation Remap”, “CWE Remap”
  - “Reference Tag Update”, “CVE Rejected”
  - “CVE Unrejected”, “CVE CISA KEV Update”
Example:
{
  "cveId": "CVE-2021-44228",
  "eventName": "Initial Analysis"
}
8. search_high_priority_cves
Find high-priority CVEs using multiple risk indicators.
Parameters:
- includeKev (boolean): Include CISA KEV (default: true)
- includeCertAlerts (boolean): Include CERT alerts (default: true)
- includeCriticalCvss (boolean): Include critical CVSS (default: true)
- minCvssScore (number): Minimum CVSS threshold (0-10, default: 7.0)
- keywordSearch (string): Additional keyword filter
- days (number): Limit to recent CVEs (max 120)
Example:
{
  "minCvssScore": 9,
  "days": 30,
  "keywordSearch": "authentication bypass"
}
Response Format
All tools return structured JSON responses with:
CVE Responses
{
  "summary": {
    "search_context": "search description",
    "total_results": 1500,
    "showing_results": 20,
    "results_per_page": 20,
    "start_index": 0,
    "timestamp": "2025-06-08T14:26:00.000Z"
  },
  "vulnerabilities": [
    {
      "cve_id": "CVE-2021-44228",
      "status": "Analyzed",
      "published": "2021-12-10T10:15:09.043",
      "last_modified": "2021-12-29T00:15:09.427",
      "description": "Apache Log4j2 <=2.14.1 JNDI features...",
      "cvss": {
        "v3_score": 10,
        "v3_severity": "CRITICAL",
        "v2_score": 9.3
      },
      "weaknesses": [
        "CWE-502",
        "CWE-400"
      ],
      "reference_count": 15,
      "cisa_kev": {
        "exploitAdd": "2021-12-10",
        "actionDue": "2021-12-24",
        "requiredAction": "Apply updates per vendor instructions.",
        "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability"
      },
      "configurations_count": 200
    }
  ],
  "raw_response_metadata": {
    "format": "NVD_CVE",
    "version": "2.0",
    "has_more_results": true
  }
}
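The following added example (not part of the project's code) ranks entries from the "vulnerabilities" array documented above so that KEV-listed items with a passed actionDue date surface first. The names triage, VulnEntry and SAMPLE are hypothetical, the CVE-0000-* entries are constructed, and treating "Rejected" as a value of the status field is an assumption.

```typescript
// Added example: remediation ordering over the documented response fields.
interface KevInfo { exploitAdd: string; actionDue: string }
interface VulnEntry {
  cve_id: string;
  status?: string;
  cvss?: { v3_score?: number; v3_severity?: string; v2_score?: number };
  cisa_kev?: KevInfo;
}
interface TriageRow { cve_id: string; score: number; kev: boolean; overdue: boolean }

// today is a YYYY-MM-DD string, the same shape as cisa_kev.actionDue.
function triage(vulns: VulnEntry[], today: string): TriageRow[] {
  const rows: TriageRow[] = vulns
    .filter((v) => v.status !== "Rejected") // assumption: status mirrors NVD's vulnStatus
    .map((v) => {
      // Prefer the v3 score, fall back to v2; unscored entries get 0 so that
      // a KEV listing can still lift them above scored, non-KEV entries.
      const score = v.cvss?.v3_score ?? v.cvss?.v2_score ?? 0;
      const kev = v.cisa_kev !== undefined;
      // Zero-padded ISO dates order correctly under string comparison.
      const overdue = v.cisa_kev !== undefined && v.cisa_kev.actionDue < today;
      return { cve_id: v.cve_id, score, kev, overdue };
    });
  // Order: overdue KEV, then remaining KEV, then descending score, then ID.
  return rows.sort((a, b) =>
    Number(b.overdue) - Number(a.overdue) ||
    Number(b.kev) - Number(a.kev) ||
    b.score - a.score ||
    a.cve_id.localeCompare(b.cve_id));
}

// Constructed sample: one entry taken from the response above, three placeholders.
const SAMPLE: VulnEntry[] = [
  { cve_id: "CVE-0000-0001", status: "Analyzed", cvss: { v3_score: 9.8 } },
  { cve_id: "CVE-2021-44228", status: "Analyzed",
    cvss: { v3_score: 10, v3_severity: "CRITICAL", v2_score: 9.3 },
    cisa_kev: { exploitAdd: "2021-12-10", actionDue: "2021-12-24" } },
  { cve_id: "CVE-0000-0002", status: "Awaiting Analysis",
    cisa_kev: { exploitAdd: "2030-01-01", actionDue: "2030-01-22" } },
  { cve_id: "CVE-0000-0003", status: "Rejected", cvss: { v3_score: 9.1 } },
];
```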
Change History Responses
{
  "summary": {
    "search_context": "change history for CVE-2021-44228",
    "total_changes": 5,
    "showing_changes": 5
  },
  "changes": [
    {
      "cve_id": "CVE-2021-44228",
      "event_name": "Initial Analysis",
      "change_id": "ABC123-DEF456",
      "source": "[email protected]",
      "created": "2021-12-10T15:30:00.000Z",
      "details_count": 8,
      "sample_details": [
        {
          "action": "Added",
          "type": "CVSS V3.1",
          "newValue": "NIST AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ]
    }
  ]
}
Use Cases for AI Agents
1. Threat Intelligence Analysis
{
  "tool": "search_high_priority_cves",
  "args": {
    "days": 7,
    "minCvssScore": 8,
    "includeKev": true
  }
}
2. Software Asset Vulnerability Assessment
{
  "tool": "search_cves_by_cpe",
  "args": {
    "virtualMatchString": "cpe:2.3:a:microsoft:windows",
    "versionStart": "10",
    "versionStartType": "including"
  }
}
3. Security Research & Analysis
{
  "tool": "search_cves",
  "args": {
    "keywordSearch": "authentication bypass",
    "cvssV3Severity": "HIGH",
    "noRejected": true
  }
}
4. Vulnerability Lifecycle Monitoring
{
  "tool": "get_cve_change_history",
  "args": {
    "changeStartDate": "2024-01-01T00:00:00.000Z",
    "changeEndDate": "2024-01-31T23:59:59.999Z",
    "eventName": "CVE CISA KEV Update"
  }
}
API Limits & Best Practices
NIST NVD API Constraints
- Date Range Limit: Maximum 120 consecutive days
- Rate Limiting: Built-in retry logic handles API limits
- No API Key Required: Free access to public data
- Data Freshness: Real-time access to official NIST data
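As an added example (not the project's own code), the sketch below splits a publication window longer than the 120-day limit into consecutive windows and builds one search_cves argument object per window. The helper names splitPubRange and buildSearchCalls are hypothetical; the tool name, the pubStartDate/pubEndDate parameters and the timestamp format are taken from this page.

```typescript
// Added example: keep every request inside the 120-day date range limit.
const MAX_DAYS = 120;
const DAY_MS = 24 * 60 * 60 * 1000;

interface DateWindow {
  pubStartDate: string;
  pubEndDate: string;
}

// Returns consecutive, non-overlapping windows that together cover [start, end].
function splitPubRange(start: string, end: string, maxDays: number = MAX_DAYS): DateWindow[] {
  const startMs = Date.parse(start);
  const endMs = Date.parse(end);
  if (isNaN(startMs) || isNaN(endMs)) {
    throw new Error("dates must be ISO-8601 timestamps");
  }
  if (endMs < startMs) {
    throw new Error("end date precedes start date");
  }
  const windows: DateWindow[] = [];
  let cursor = startMs;
  while (cursor <= endMs) {
    // A window ends 1 ms before the maxDays boundary, so its span stays
    // under the limit and the next window starts exactly on the boundary.
    const windowEnd = Math.min(cursor + maxDays * DAY_MS - 1, endMs);
    windows.push({
      pubStartDate: new Date(cursor).toISOString(),
      pubEndDate: new Date(windowEnd).toISOString(),
    });
    cursor = windowEnd + 1;
  }
  return windows;
}

// One tool call per window; the caller's other filters are copied into each.
function buildSearchCalls(filters: Record<string, unknown>, start: string, end: string) {
  return splitPubRange(start, end).map((w) => ({
    tool: "search_cves",
    args: { ...filters, ...w },
  }));
}
```

Results from the windows can be concatenated without de-duplication, because no publication timestamp falls into two windows.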
Optimization Tips
- Use caching effectively (5-minute TTL implemented)
- Implement reasonable page sizes (20-100 results)
- Leverage specific filters to reduce result sets
- Monitor for rate limiting in high-volume scenarios
Error Handling
The server provides comprehensive error handling:
- 404: Resource not found
- 400: Invalid request parameters
- 429: Rate limit exceeded (automatic retry)
- Timeout: Request timeout with retry logic
- Validation: Parameter validation with helpful messages
Technical Details
Architecture
- TypeScript: Full type safety and modern ES2022
- MCP SDK: Official Model Context Protocol implementation
- Axios: HTTP client with retry logic and timeouts
- Caching: In-memory cache with TTL and cleanup
- Error Recovery: Exponential backoff and circuit breaker patterns
Performance Features
- Smart Caching: Reduces API calls and improves response times
- Pagination: Efficient handling of large result sets
- Parallel Requests: High-priority search combines multiple API calls
- Memory Management: Automatic cache cleanup and optimization
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Submit a pull request
License
MIT License - see LICENSE file for details
Support
- Issues: GitHub Issues
- Documentation: API Documentation
- Community: MCP Community
Version History
v1.0.0
- Initial release with full NIST NVD API 2.0 support
- 8 comprehensive tools for vulnerability research
- Advanced filtering and search capabilities
- Change history tracking
- High-priority CVE detection
- Production-ready caching and error handling