# CVE Risk MCP Server

MCP server for CVE lookups, KEV enrichment, and “what should I patch first?” ranking. It implements the MCP `tools/list` + `tools/call` flow over stdio and returns structured risk assessments per CVE.
## Features
- CVE detail lookups with parsed CVSS v3/v4 metrics.
- CISA KEV feed enrichment (primary + mirror fallback).
- EPSS-style risk scoring with reasons and a priority label.
- Batch ranking for patch queues.
## Tools

- `cve_lookup`
  - Inputs: `cve_id`, `include_kev`
  - Output: CVE summary + KEV status + risk score
- `cve_rank`
  - Inputs: `cve_ids`, `include_kev`
  - Output: ranked list (highest risk first)
## Quickstart

```sh
make setup
make check
```
## Run (MCP stdio)

```sh
python -m cve_risk_mcp --stdio
```
## Example (tools/call)

```json
{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"cve_lookup","arguments":{"cve_id":"CVE-2023-23397"}}}
```
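The following is an added, offline illustration of the `tools/list` + `tools/call` flow over stdio and of the batch ranking behind `cve_rank`. It is not the project's own code: the CVE records (only CVE-2023-23397 comes from this README; the `CVE-9999-*` identifiers are placeholders), the KEV set, the scoring weights, the priority thresholds and the helper names are all constructed assumptions so that the example runs without network access.

```python
"""Added illustration of the MCP tools/list + tools/call flow over stdio.

Not the project's own code: the CVE records, KEV set, scoring weights and
helper names below are constructed assumptions so the example runs offline.
"""
import json
import sys

# Constructed stand-ins for what the server would fetch from the CVE API and
# the CISA KEV feed. CVE-9999-* are placeholders, not real CVE records.
SAMPLE_CVES = {
    "CVE-2023-23397": {"cvss": 9.8, "epss": 0.95},
    "CVE-9999-0001": {"cvss": 7.5, "epss": 0.02},
    "CVE-9999-0002": {"cvss": 4.3, "epss": 0.001},
}
SAMPLE_KEV = {"CVE-2023-23397"}

# Tool descriptors returned by tools/list (shapes assumed, not the project's).
TOOLS = [
    {"name": "cve_lookup", "description": "CVE summary + KEV status + risk score",
     "inputSchema": {"type": "object", "required": ["cve_id"], "properties": {
         "cve_id": {"type": "string"}, "include_kev": {"type": "boolean"}}}},
    {"name": "cve_rank", "description": "Ranked list, highest risk first",
     "inputSchema": {"type": "object", "required": ["cve_ids"], "properties": {
         "cve_ids": {"type": "array", "items": {"type": "string"}},
         "include_kev": {"type": "boolean"}}}},
]


def assess(cve_id, include_kev=True):
    """Assumed EPSS-style scoring: weighted CVSS + EPSS plus a KEV bonus,
    returned with the reasons that produced the score and a priority label."""
    rec = SAMPLE_CVES.get(cve_id)
    if rec is None:
        return {"cve_id": cve_id, "error": "unknown CVE"}
    score = 0.6 * rec["cvss"] * 10 + 0.4 * rec["epss"] * 100
    reasons = [f"CVSS base score {rec['cvss']}", f"EPSS probability {rec['epss']}"]
    in_kev = include_kev and cve_id in SAMPLE_KEV
    if in_kev:
        score += 20  # known exploitation outweighs a modest CVSS/EPSS
        reasons.append("listed in CISA KEV (known exploited)")
    score = round(min(score, 100.0), 1)
    if in_kev or score >= 80:
        label = "critical"
    elif score >= 60:
        label = "high"
    elif score >= 40:
        label = "medium"
    else:
        label = "low"
    return {"cve_id": cve_id, "risk_score": score, "priority": label,
            "in_kev": in_kev, "reasons": reasons}


def rank(cve_ids, include_kev=True):
    """Batch ranking for a patch queue: highest risk first, unknown IDs last."""
    results = [assess(c, include_kev) for c in cve_ids]
    return sorted(results, key=lambda r: r.get("risk_score", -1), reverse=True)


def _tool_result(payload):
    # MCP tool results are wrapped as a list of typed content parts.
    return {"content": [{"type": "text", "text": json.dumps(payload)}]}


def handle_request(req):
    """Dispatch one JSON-RPC 2.0 request dict and return the response dict."""
    rid, method, params = req.get("id"), req.get("method"), req.get("params") or {}
    if req.get("jsonrpc") != "2.0" or not isinstance(method, str):
        return {"jsonrpc": "2.0", "id": rid, "error": {"code": -32600, "message": "Invalid Request"}}
    if method == "tools/list":
        return {"jsonrpc": "2.0", "id": rid, "result": {"tools": TOOLS}}
    if method == "tools/call":
        name, args = params.get("name"), params.get("arguments") or {}
        if name == "cve_lookup" and isinstance(args.get("cve_id"), str):
            out = assess(args["cve_id"], args.get("include_kev", True))
        elif name == "cve_rank" and isinstance(args.get("cve_ids"), list):
            out = rank(args["cve_ids"], args.get("include_kev", True))
        else:  # unknown tool or arguments that fail the schema
            return {"jsonrpc": "2.0", "id": rid, "error": {"code": -32602, "message": "Invalid params"}}
        return {"jsonrpc": "2.0", "id": rid, "result": _tool_result(out)}
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": -32601, "message": "Method not found"}}


def serve_stdio():
    """One JSON-RPC message per line on stdin, one response per line on stdout."""
    for line in sys.stdin:
        line = line.strip()
        if not line:
            continue
        try:
            resp = handle_request(json.loads(line))
        except json.JSONDecodeError:
            resp = {"jsonrpc": "2.0", "id": None, "error": {"code": -32700, "message": "Parse error"}}
        sys.stdout.write(json.dumps(resp) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    # Replay the README's example request, then a batch ranking, with no network.
    for req in (
        {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
         "params": {"name": "cve_lookup", "arguments": {"cve_id": "CVE-2023-23397"}}},
        {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
         "params": {"name": "cve_rank", "arguments": {"cve_ids": list(SAMPLE_CVES)}}},
    ):
        print(json.dumps(handle_request(req), indent=2))
```

Replace the `serve_stdio` loop's data with real API calls to turn this into a server; the dispatch, argument checks and the JSON-RPC error codes (`-32600`, `-32601`, `-32602`, `-32700`) are the parts a reviewer should look for in any stdio MCP implementation, since a tool that accepts unchecked arguments is the usual weak point.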
## Data sources
- CVE data: CIRCL Vulnerability Lookup API.
- KEV data: CISA Known Exploited Vulnerabilities feed (primary URL) with fallback to the official CISA GitHub mirror.
## Notes
- No authentication: intended for local or controlled environments.
- All outbound network calls are GETs to the configured APIs.