How to Use the NIST NVD MCP in VS Code Copilot

Q: How do we configure the NIST NVD MCP Server for our whole team in VS Code Copilot?

You add the server configuration to your shared .vscode/mcp.json file. This lets every developer on the team access the vulnerability search tools instantly.

Q: Can we search for vulnerabilities by keyword using NIST NVD in VS Code Copilot?

Yes. You use searchcvebykeyword to find relevant security records. Your agent parses these results to see if they apply to your project.

Q: How do we locate the correct product identifiers with NIST NVD in VS Code Copilot?

You run searchcpebykeyword to find official CPE names for your dependencies. This ensures your automated scans match the exact products used in your stack.

Q: How can we see if a vulnerability record has been modified?

Use getcvechangehistory to inspect the modification log. This tool shows you changes to CVSS scores, description updates, and new patch references.

Audit your codebase for active CVEs and map CPE dependencies directly from VS Code Copilot Chat.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect NIST NVD MCP to VS Code Copilot

Create your Vinkius account to connect NIST NVD to VS Code Copilot and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup NIST NVD with VS Code Copilot

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Instant CVE Audits in VS Code Copilot

The `get_cve_by_id` tool retrieves official vulnerability data directly inside your editor chat. This tool lets your team inspect CVSS scores and CWE classifications without switching to a browser. When a security alert flags a vulnerability, you ask VS Code Copilot to fetch the record. The agent reads the payload to explain how the exploit works and how to patch it.

Match Vendor Products with this MCP Server

The `search_cve_by_cpe` tool maps your active software components to known vulnerabilities. Your agent uses this tool to scan your project's lockfiles and pinpoint exposed versions. Committing this MCP Server configuration to your repository ensures your entire engineering team runs the same security checks. Copilot flags risky dependencies before they get merged into the main branch.

Target Specific Weaknesses in Code

The `search_cve_by_cwe` tool isolates vulnerabilities by their common weakness enumeration. Your agent uses this tool to analyze patterns of past exploits in similar software architectures. You also run `search_cve_by_severity` to prioritize your remediation efforts. Copilot filters out low-priority alerts so you focus on fixing critical vulnerabilities first.

Setup guide

Set up NIST NVD MCP in VS Code Copilot

Prerequisites

VS Code 1.99 or later with GitHub Copilot extension
Active Vinkius subscription with a valid endpoint token

1

Open MCP configuration

Open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P) and run "MCP: Add Server". Select HTTP (Streamable) as the server type. VS Code will create .vscode/mcp.json in your workspace.
2

Add the NIST NVD MCP

Paste the JSON snippet shown on the right into your .vscode/mcp.json. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Switch to Agent mode

Open Copilot Chat (Cmd+Shift+I / Ctrl+Shift+I) and switch to Agent mode using the dropdown. MCP tools are only available in Agent mode — they do not appear in Edit or Ask modes.
4

Verify the connection

In the Copilot Chat input, type # to list available tools. You should see the NIST NVD tools listed. Try asking: "List my recent NIST NVD transactions" and Copilot will invoke them automatically.

.vscode/mcp.json

{
  "mcpServers": {
    "nist-nvd-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by NIST NVD. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect NIST NVD now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about NIST NVD MCP in VS Code Copilot

You add the server configuration to your shared `.vscode/mcp.json` file. This lets every developer on the team access the vulnerability search tools instantly.

Yes. You use `search_cve_by_keyword` to find relevant security records. Your agent parses these results to see if they apply to your project.

You run `search_cpe_by_keyword` to find official CPE names for your dependencies. This ensures your automated scans match the exact products used in your stack.

Use `get_cve_change_history` to inspect the modification log. This tool shows you changes to CVSS scores, description updates, and new patch references.

No. The server only communicates query strings, CPE names, and CVE IDs to the NIST API. Your repository files and code context stay secure within your local VS Code Copilot sandbox.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript