mcp-nvd (marcoeg)
MCP server to query the NIST National Vulnerability Database (NVD) CVE API.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for mcp-nvd (marcoeg), derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.
Overview
mcp-nvd is a focused MCP server that lets agents query the NIST National Vulnerability Database via its official API for CVE details, CVSS scores, and metadata. It is a clean single-purpose vulnerability-lookup tool for LLM consumption. Its surface is mostly read-only external data, so the main concern is returning attacker-influenced CVE descriptions into the model.
Key features
- Direct NVD CVE API queries
- CVSS scores and CVE metadata
- Single-purpose, lightweight
Use cases
- Look up a CVE's details and severity
- Feed vulnerability data into an agent workflow