How to Use the NIST NVD MCP in Cursor

Q: Can I search for recent exploits using NIST NVD in Cursor?

Yes. You use searchcvebydate to find vulnerabilities published within specific timeframes. This helps you check if a new zero-day exploit affects the code you are currently writing.

Q: How do I handle CPE name variations with NIST NVD in Cursor?

You run searchcpebykeyword to find the exact vendor and product identifiers. This prevents Cursor from missing critical updates due to minor naming discrepancies.

Q: How can I check if a CVSS score was recently updated?

Use getcvechangehistory to pull the update log for any vulnerability. It shows you when NIST modified the severity ratings or added new reference links.

Feed live CVE and CPE data directly into Cursor Agent to write secure code and fix vulnerabilities on the fly.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect NIST NVD MCP to Cursor

Create your Vinkius account to connect NIST NVD to Cursor and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup NIST NVD with Cursor

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Direct Vulnerability Queries in Cursor

The `get_cve_by_id` tool pulls official vulnerability records directly into your active coding session. This tool gives your agent the exact CVSS metrics and patch details needed to fix insecure code blocks. Instead of guessing how to remediate an exploit, you let Cursor read the official NIST database. Your agent suggests precise code changes based on the actual vulnerability profile.

Map Dependencies with this MCP Server

The `search_cve_by_cpe` tool checks your project dependencies against the official product dictionary. Your agent uses this tool to find matches for your exact library versions and flags known exploits. By integrating this MCP Server, Cursor scans your package configuration files against live data. You catch outdated packages during your regular development loop instead of waiting for a CI/CD build failure.

Filter Threats by Code Weakness

The `search_cve_by_cwe` tool targets specific vulnerability classes inside your codebase. Your agent uses this tool to find historical examples of similar bugs to help you write safer functions. You also use `search_cpe_by_keyword` to find the correct CPE strings for your software stack. This ensures your automated security checks target the right vendor records.

Setup guide

Set up NIST NVD MCP in Cursor

Prerequisites

Cursor installed (macOS, Windows, or Linux)
Active Vinkius subscription with a valid endpoint token

1

Open MCP Settings

Go to Cursor Settings → MCP or open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P) and search for "MCP: Add Server".
2

Add the NIST NVD MCP

Cursor will create or open .cursor/mcp.json in your project root. Paste the JSON snippet on the right. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Enable Agent mode

Open Composer (Cmd+I / Ctrl+I) and switch to Agent mode using the dropdown at the top. MCP tools are only available in Agent mode.
4

Verify the connection

Ask Cursor something like "List my recent NIST NVD transactions." If the MCP tools are loaded correctly, Cursor will call the NIST NVD tools automatically. You can also check Settings → MCP for a green status indicator.

.cursor/mcp.json

{
  "mcpServers": {
    "nist-nvd-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by NIST NVD. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect NIST NVD now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about NIST NVD MCP in Cursor

It lets your Cursor Agent pull live vulnerability data directly into your editor. You can write fixes for specific CVEs without leaving your workspace or copy-pasting reports.

Yes. You use `search_cve_by_date` to find vulnerabilities published within specific timeframes. This helps you check if a new zero-day exploit affects the code you are currently writing.

You run `search_cpe_by_keyword` to find the exact vendor and product identifiers. This prevents Cursor from missing critical updates due to minor naming discrepancies.

Use `get_cve_change_history` to pull the update log for any vulnerability. It shows you when NIST modified the severity ratings or added new reference links.

The server only transmits search parameters, CPE names, and CVE identifiers to the official NIST API. Your local source code and Cursor environment configurations remain entirely private on your machine.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript