MCP Container

circl-cve-search-mcp-server

CIRCL CVE SEARCH MCPサーバーは、CVE情報、ベンダー別の脆弱性、CWEおよびCAPEC情報を提供するAPIへのアクセスを可能にします。信頼性の高いツールを備え、エラーハンドリングや入力検証も強化されています。

GitHub

GitHubスター

5

ユーザー評価

未評価

お気に入り

0

閲覧数

29

フォーク

0

イシュー

0

README
CIRCL CVE SEARCH MCP Server

A Model Context Protocol (MCP) server for accessing the CIRCL CVE SEARCH API, providing comprehensive vulnerability and security information.

Features

This MCP server provides reliable tools to access:

  • CVE Information: Get detailed information about specific Common Vulnerabilities and Exposures
  • Vendor Browsing: Browse CVEs by vendor name to discover security issues in specific vendors' products
  • CWE Information: Get Common Weakness Enumeration information for understanding vulnerability types
  • CAPEC Information: Get Common Attack Pattern Enumeration and Classification data for understanding attack methods
Key Improvements
  • Retry Logic: Automatic retry with exponential backoff for reliable API calls
  • Enhanced Formatting: Structured, readable response formatting with key information highlighted
  • Better Error Handling: Clear, actionable error messages with troubleshooting guidance
  • Input Validation: Comprehensive validation and sanitization of all inputs
Installation
npm install @cyreslab/circl-cve-search-mcp-server
Usage

Add this server to your MCP client configuration:

{
  "mcpServers": {
    "circl-cve-search": {
      "command": "npx",
      "args": ["@cyreslab/circl-cve-search-mcp-server"]
    }
  }
}
Available Tools
get_cve

Get detailed information about a specific CVE by its ID.

Parameters:

  • cve_id (required): CVE identifier (e.g., "CVE-2021-44228")

Example:

{
  "name": "get_cve",
  "arguments": {
    "cve_id": "CVE-2021-44228"
  }
}

Response Format:

  • Structured CVE data with key information highlighted
  • Summary, publication dates, CVSS scores
  • Associated weakness types (CWE) and reference counts
  • Full raw data for detailed analysis
browse_vendor

Browse CVEs by vendor name to discover security issues in specific vendors' products.

Parameters:

  • vendor (required): Vendor name (e.g., "apache", "microsoft", "google")
  • limit (optional): Number of results to return (default: 10, max: 50)

Example:

{
  "name": "browse_vendor",
  "arguments": {
    "vendor": "apache",
    "limit": 15
  }
}

Response Format:

  • List of CVEs for the specified vendor
  • Total count and displayed count
  • Vendor name normalization
get_cwe

Get Common Weakness Enumeration (CWE) information by ID.

Parameters:

  • cwe_id (required): CWE identifier (e.g., "CWE-79", "CWE-89")

Example:

{
  "name": "get_cwe",
  "arguments": {
    "cwe_id": "CWE-79"
  }
}

Response Format:

  • CWE name and detailed description
  • Extended descriptions and weakness ordinalities
  • Likelihood of exploit information
  • Full raw data for comprehensive analysis
get_capec

Get Common Attack Pattern Enumeration and Classification (CAPEC) information by ID.

Parameters:

  • capec_id (required): CAPEC identifier (e.g., "CAPEC-66", "CAPEC-89")

Example:

{
  "name": "get_capec",
  "arguments": {
    "capec_id": "CAPEC-66"
  }
}

Response Format:

  • Attack pattern name and description
  • Typical severity and likelihood of attack
  • Prerequisites and related weaknesses
  • Complete raw data for in-depth analysis
Data Source

This server uses the CIRCL CVE SEARCH API, which provides:

  • Comprehensive CVE data from the National Vulnerability Database (NVD)
  • Common Platform Enumeration (CPE) information
  • Common Weakness Enumeration (CWE) data
  • Common Attack Pattern Enumeration and Classification (CAPEC) data
  • Regular updates with the latest vulnerability information
Rate Limiting

The CIRCL CVE SEARCH API is free to use and doesn't require authentication. However, please use it responsibly and avoid making excessive requests that could impact the service.

Error Handling

The server handles various error conditions:

  • Invalid CVE/CWE/CAPEC ID formats
  • Empty search queries
  • API rate limiting
  • Network errors
  • Invalid parameters
Development
Building
npm run build
Running in Development
npm run dev
License

MIT License - see LICENSE file for details.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Support

For issues and questions:

作者情報
Cyreslab
Cyreslab
Estonia
GitHub

17

フォロワー

20

リポジトリ

0

Gist

0

貢献数

タグ
cvecybersecuritymcpmcp-serverrisk-assessmentvulnerability
関連するMCP
pentest-mcp logo
pentest-mcp
80

Pentest MCPは、プロフェッショナルなペネトレーションテストツールキットであり、複数の通信手段をサポートしています。ローカル環境やネットワーク経由での利用が可能で、OAuth 2.1による安全な認証を提供します。NmapやGobusterなどのツールを使用して、ネットワークの再コンやウェブの脆弱性を評価することができます。

JavaScript
CyberSecurity-MCPs logo
CyberSecurity-MCPs
13

このプロジェクトは、ネットワークセキュリティ分野に特化したModel Context Protocol Server(MCP)の集合体です。SQLインジェクションテストツールやネットワーク空間検索エンジン、MarkdownからWord文書への変換ツールなど、さまざまなMCPサーバーの実装が含まれています。各実装は独立しており、管理が容易です。

JavaScript
mcp-vulnerability-scanner logo
mcp-vulnerability-scanner
5

A Model Context Protocol (MCP) server for scanning IP addresses for vulnerabilities. This server provides tools to perform security scanning on individual IPs or multiple IPs at once.

TypeScript