VulnMCP
mcp
Gecti
Health Gecti
- License — License: AGPL-3.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 13 GitHub stars
Code Gecti
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Gecti
- Permissions — No dangerous permissions requested
Purpose
This MCP server provides AI clients with modular tools for vulnerability management. It automates severity and CWE classification using NLP models, and queries external vulnerability databases (like Vulnerability Lookup, CISA KEV, and GCVE) to deliver actionable security insights.
Security Assessment
The overall risk is Low. The automated code scan (12 files) found no dangerous patterns, no hardcoded secrets, and the tool does not request any dangerous system permissions. It does not execute local shell commands or access sensitive local files. However, by design, it requires network requests to function properly. It communicates with external APIs (such as vulnerability.circl.lu, gcve.eu) and downloads remote AI models from Hugging Face to perform its text analysis.
Quality Assessment
The project demonstrates solid health and maintenance. It was updated very recently (last push was today), indicating active development. The repository is properly licensed under AGPL-3.0 and includes a clear, comprehensive description and usage instructions. While it is a relatively new tool with a small community footprint (13 GitHub stars), it was built using established libraries like FastMCP and relies on recognized security data sources like CIRCL.
Verdict
Safe to use.
This MCP server provides AI clients with modular tools for vulnerability management. It automates severity and CWE classification using NLP models, and queries external vulnerability databases (like Vulnerability Lookup, CISA KEV, and GCVE) to deliver actionable security insights.
Security Assessment
The overall risk is Low. The automated code scan (12 files) found no dangerous patterns, no hardcoded secrets, and the tool does not request any dangerous system permissions. It does not execute local shell commands or access sensitive local files. However, by design, it requires network requests to function properly. It communicates with external APIs (such as vulnerability.circl.lu, gcve.eu) and downloads remote AI models from Hugging Face to perform its text analysis.
Quality Assessment
The project demonstrates solid health and maintenance. It was updated very recently (last push was today), indicating active development. The repository is properly licensed under AGPL-3.0 and includes a clear, comprehensive description and usage instructions. While it is a relatively new tool with a small community footprint (13 GitHub stars), it was built using established libraries like FastMCP and relies on recognized security data sources like CIRCL.
Verdict
Safe to use.
A modular MCP server providing AI-driven vulnerability management skills, including severity classification and automated insights.
README.md
VulnMCP
VulnMCP is an MCP server built with FastMCP that provides AI clients, chat agents, and other automated systems with tools for vulnerability management. It offers modular "skills" that can be easily extended or integrated, enabling intelligent analysis and automated insights on software vulnerabilities.
Features
- Vulnerability Severity Classification -- Automatically assess the criticality of vulnerabilities using CIRCL's fine-tuned NLP models:
CIRCL/vulnerability-severity-classification-roberta-base (English) and CIRCL/vulnerability-severity-classification-chinese-macbert-base (Chinese). - CWE Classification -- Predict CWE categories from vulnerability descriptions using CIRCL/cwe-parent-vulnerability-classification-roberta-base.
- Vulnerability Lookup -- Query the Vulnerability Lookup API to get detailed information about specific CVEs or search vulnerabilities by source, CWE, product, or date.
- KEV Catalog -- Browse and filter Known Exploited Vulnerability (KEV) entries, check whether a CVE appears in a KEV catalog, find recently added entries, and filter by catalog origin (CISA KEV, CIRCL, EUVD KEV).
- GCVE Registry -- Query the GCVE Global Numbering Authority (GNA) registry and references to discover vulnerability allocators and KEV catalog identifiers.
- Modular Architecture -- Easily add new skills or tools to expand the functionality of the MCP server.
Installation
Requires Python 3.10+ and Poetry v2+.
git clone https://github.com/vulnerability-lookup/VulnMCP.git
cd VulnMCP
poetry install
Running the MCP server
stdio (default)
The default transport, used by most MCP clients (Claude Code, Claude Desktop, etc.):
poetry run vulnmcp
HTTP transport
For network access or multiple concurrent clients:
poetry run fastmcp run vulnmcp/server.py --transport http --host 127.0.0.1 --port 9000
Available tools
| Tool | Description |
|---|---|
classify_severity |
Classify vulnerability severity (low/medium/high/critical) from a text description. Supports English and Chinese with auto-detection. |
classify_cwe |
Predict CWE categories from a vulnerability description. Returns top-5 predictions with parent CWE mapping. |
get_recent_vulnerabilities_by_cwe |
Fetch the 3 most recent CVEs for a given CWE ID. |
get_vulnerability |
Look up a specific vulnerability by ID (e.g. CVE-2025-14847) with optional comments, sightings, bundles, linked vulnerabilities, and KEV enrichment. |
search_vulnerabilities |
Search vulnerabilities with filters: source, CWE, product, date range, pagination, and optional KEV-aware prioritization. |
search_sightings |
Search vulnerability sightings (seen/exploited/patched/etc.) with filters to identify what is actively discussed or abused. |
create_sighting |
Create a new sighting for a vulnerability (requires API permissions on most instances). |
get_most_sighted_vulnerabilities |
Retrieve a ranking of vulnerabilities by sighting activity to help prioritize important issues. |
list_kev_entries |
List and filter KEV catalog entries by vulnerability ID, status reason, exploited flag, date range, author, or origin catalog UUID. |
guess_cpes |
Query cpe-guesser with product keywords to infer likely CPE identifiers. |
list_gna_entries |
List all Global Numbering Authorities (GNA) from the GCVE registry. |
get_gna_entry |
Get a specific GNA entry by numeric ID or exact short name. |
search_gna |
Search GNA entries by name (case-insensitive substring match). |
list_gcve_references |
List GCVE references including KEV catalog UUIDs for use with list_kev_entries. |
List all tools:
poetry run fastmcp list vulnmcp/server.py
Testing tools from the command line
Use fastmcp call to invoke any tool directly:
# Look up a specific CVE
poetry run fastmcp call vulnmcp/server.py get_vulnerability vulnerability_id=CVE-2025-14847
# Search for recent SQL injection vulnerabilities
poetry run fastmcp call vulnmcp/server.py search_vulnerabilities cwe=CWE-89 per_page=5
# Retrieve top most-sighted vulnerabilities
poetry run fastmcp call vulnmcp/server.py get_most_sighted_vulnerabilities limit=5
# Check if a CVE is in a KEV catalog
poetry run fastmcp call vulnmcp/server.py list_kev_entries vuln_id=CVE-2021-44228
# List recent KEV entries from the last week
poetry run fastmcp call vulnmcp/server.py list_kev_entries date_from=2026-03-18 per_page=5
# List KEV entries from the CISA KEV catalog only
poetry run fastmcp call vulnmcp/server.py list_kev_entries vulnerability_lookup_origin=405284c2-e461-4670-8979-7fd2c9755a60 per_page=5
# Guess likely CPE values from product keywords
poetry run fastmcp call vulnmcp/server.py guess_cpes query='["outlook","connector"]'
# List all GNA entries from the GCVE registry
poetry run fastmcp call vulnmcp/server.py list_gna_entries
# Look up a specific GNA by short name
poetry run fastmcp call vulnmcp/server.py get_gna_entry short_name=CIRCL
# Search GNA entries
poetry run fastmcp call vulnmcp/server.py search_gna query=cert
# List GCVE references (includes KEV catalog UUIDs)
poetry run fastmcp call vulnmcp/server.py list_gcve_references
# Classify severity from a description
poetry run fastmcp call vulnmcp/server.py classify_severity \
description="A remote code execution vulnerability allows an attacker to execute arbitrary code via a crafted JNDI lookup."
# Classify CWE from a description
poetry run fastmcp call vulnmcp/server.py classify_cwe \
description="Fix buffer overflow in authentication handler"
Connecting to Claude Code
Register VulnMCP as an MCP server in Claude Code with:
claude mcp add vulnmcp -- poetry --directory /path/to/VulnMCP run vulnmcp
Or with fastmcp install:
poetry run fastmcp install claude-code vulnmcp/server.py --name VulnMCP
Once registered, the tools are available to Claude Code. You can verify with:
claude mcp list
Configuration
| Environment variable | Description | Default |
|---|---|---|
VULNMCP_LOOKUP_URL |
Base URL for the Vulnerability Lookup API | https://vulnerability.circl.lu |
VULNMCP_CPE_GUESSER_URL |
Base URL for the cpe-guesser API | https://cpe-guesser.cve-search.org |
VULNMCP_API_KEY |
API key used for authenticated actions such as creating sightings | (unset) |
Contributing
Please read CONTRIBUTING.md before opening a pull request.
Note: this repository currently runs an experiment where only computer-assisted (AI-related) contributions are accepted.
License
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi