How to Use the NIST NVD MCP in Windsurf
Connect Windsurf to the NIST NVD MCP server. Let Cascade hunt down vulnerabilities and check CVE change history automatically.
Works with every AI agent you already use
…and any MCP-compatible client
Connect NIST NVD MCP to Windsurf
Create your Vinkius account to connect NIST NVD to Windsurf and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.
Cascade Chases Vulnerability Chains
Cascade doesn't wait for you to ask what happens next. You give Windsurf a target, and it runs `search_cve_by_keyword` to find the initial flaw. Once it gets the hit, Cascade automatically pulls the weakness type using `search_cve_by_cwe`. You just watch the agent map out the entire threat surface without writing a single prompt.
Pin Down The Exact CPE
Vendor naming conventions are a mess. Trying to guess the exact product string wastes time, so Windsurf handles it via this MCP server. It fires off `search_cpe_by_keyword` to find the base product, then runs `list_cpe_matches` to grab the exact dictionary string. Now your agent knows exactly what software version to investigate.
Audit Historical Changes
Vulnerability scores change. What was a medium risk yesterday might be a critical zero-day right now. You can tell your AI client to check `get_cve_change_history` for a specific ID. Windsurf grabs the timeline and cross-references it with `search_cve_by_severity` to show you exactly when the threat escalated.
Set up NIST NVD MCP in Windsurf
Prerequisites
- Windsurf IDE installed (macOS, Windows, or Linux)
- Active Vinkius subscription with a valid endpoint token
- 1
Open MCP configuration
Click the Cascade assistant icon in the sidebar, then click the hammer icon (🔨) at the top of the panel. Select "Configure" to open
~/.codeium/windsurf/mcp_config.json. - 2
Add the NIST NVD MCP
Paste the JSON snippet shown on the right into the
mcpServersobject. Replace[YOUR_TOKEN_HERE]with your endpoint token from cloud.vinkius.com. - 3
Refresh MCPs
Go back to the hammer icon (🔨) in Cascade and click "Refresh". Windsurf will detect the new server. No full restart is needed — the connection is hot-reloaded.
- 4
Verify in Cascade
Start a new Cascade conversation and ask something like "Show my NIST NVD payment history." If connected, Cascade will call the NIST NVD tools directly. You will see a green dot next to the server name in the MCP panel.
{
"mcpServers": {
"nist-nvd-mcp": {
"url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
}
}
}Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by NIST NVD. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
Why Choose Vinkius
Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.
Real-time monitoring
Live
visibility into every interaction
Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.
Built-in savings
60%
lower AI costs
Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.
Single dashboard
One
place for every integration
Every tool your AI connects to, managed from a single screen. One account, complete control.
Common questions about NIST NVD MCP in Windsurf
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
Start using the NIST NVD MCP today
We host it, we monitor it, we maintain it. You just paste one token.
