How to Use the NIST NVD MCP in Claude

Q: Can I search for specific weaknesses using NIST NVD in Claude Desktop?

Yes. You use searchcvebycwe to pull vulnerabilities linked to specific weakness categories like SQL injection or cross-site scripting. Your agent parses these records to show you patterns in your codebase.

Q: How do I verify CPE matches with NIST NVD inside Claude Desktop?

You run listcpematches to see the exact product strings recognized by the database. This keeps your search queries accurate and prevents your agent from chasing false positives.

Q: What is the fastest way to check historical changes to a vulnerability?

Use the getcvechangehistory tool. It shows you when a CVSS score was updated or when new vendor patches were added to the official record.

Look up live vulnerabilities and CPE data directly inside Claude Desktop without leaving your chat window.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect NIST NVD MCP to Claude Desktop

Create your Vinkius account to connect NIST NVD to Claude Desktop and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup NIST NVD with Claude Desktop

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Instant CVE Lookups in Claude Desktop

The `get_cve_by_id` tool pulls raw vulnerability details directly from the National Vulnerability Database into your chat. This tool lets your agent pull CVSS scores, CWE mappings, and affected version data without forcing you to click through browser tabs. You get the exact security data you need to triage alerts. When you paste a CVE ID into Claude Desktop, your agent uses this tool to read the official record and explain the threat vector immediately.

Audit Your Software Stack via MCP Server

The `search_cve_by_cpe` tool identifies active vulnerabilities targeting specific system configurations. Your agent reads your local package files and queries the NIST database to match your software against known vulnerability strings. Running this MCP Server locally lets Claude Desktop check your active dependencies against the live CPE dictionary. You spot exposed libraries before they hit your production environment.

Track Emerging Exploits by Severity

The `search_cve_by_severity` tool filters the latest database entries to show you only critical-grade threats. Your agent uses this tool to build custom watchlists based on CVSS thresholds that match your risk profile. You also use `search_cve_by_date` to see what went public over the weekend. Instead of reading security blogs, you let Claude Desktop compile a clean list of new risks targeting your infrastructure.

Setup guide

Set up NIST NVD MCP in Claude Web or Desktop

1

Open Claude Settings

Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
2

Add Custom Connector

Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL: https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. For OAuth-protected servers, expand Advanced settings to add credentials.
3

Start a conversation

Open a new chat. The NIST NVD MCP tools are available immediately — no restart needed.

Endpoint URL

https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

No configuration file needed — paste the URL directly in the Claude web interface.

Available on Free (1 connector), Pro, Max, Team, and Enterprise plans.

Prerequisites

Claude Desktop installed (macOS or Windows)
Active Vinkius subscription with a valid endpoint token

1

Open Claude Desktop Settings

Click the menu icon at the top-left corner, go to Settings → Developer → Edit Config. This opens claude_desktop_config.json in your default text editor.
2

Paste the NIST NVD MCP configuration

Copy the JSON snippet on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Desktop

Close and reopen the application. Claude needs a full restart to load new MCPs — refreshing a conversation is not enough.
4

Verify the connection

Open a new conversation. Click the 🔌 icon at the bottom of the message input. You should see tools listed under nist-nvd-mcp.

json

{
  "mcpServers": {
    "nist-nvd-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by NIST NVD. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect NIST NVD now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about NIST NVD MCP in Claude Desktop

The server uses your NVD API key to prevent rate limit blocks during large queries. If you run multiple searches, the tool manages the request pacing so your agent gets the data without interruption.

Yes. You use `search_cve_by_cwe` to pull vulnerabilities linked to specific weakness categories like SQL injection or cross-site scripting. Your agent parses these records to show you patterns in your codebase.

You run `list_cpe_matches` to see the exact product strings recognized by the database. This keeps your search queries accurate and prevents your agent from chasing false positives.

Use the `get_cve_change_history` tool. It shows you when a CVSS score was updated or when new vendor patches were added to the official record.

No. This server only sends specific query parameters like CVE IDs, CPE names, and keywords to the NIST API. Your local files and code snippets never leave your Claude Desktop application.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript