NIST NVD MCP. Correlate CVEs and CPE data across any search dimension.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
NIST NVD connects your AI agent directly to the National Vulnerability Database. It lets you find authoritative cybersecurity data: track specific CVE IDs, map vulnerabilities to products using CPE strings, or search for weaknesses by date and severity level.
Stop piecing together risk reports from multiple sources; query all the official vulnerability intelligence in one go.
What your AI agents can do
Get cpe by id
Retrieves the full dictionary entry for a product using its specific UUID.
Get cve by id
Gets all details about a vulnerability when you provide the unique CVE identifier (e.g., CVE-2023-1234).
Get cve change history
Retrieves a log of every update or modification made to the vulnerability database for tracking changes.
Find all vulnerabilities linked to a specific software package or hardware version using its official Common Platform Enumeration string.
Get full details on a single, known vulnerability (CVE) when you have the specific identifier.
Restrict search results to only show vulnerabilities that meet certain risk thresholds, like 'Critical' or 'High'.
Search for CVEs published or modified within a precise date range, helping you monitor recent threat activity.
Query the official CPE dictionary by keyword to find potential software or hardware products and their identifiers.
Ask AI about this MCP
Supported MCP Clients
OAuth 2.0 Compatible Gemini Waiting for input…
NIST NVD MCP Server: 10 Tools for Threat Intelligence
These ten tools let you query the National Vulnerability Database directly. Use them to search, filter, and correlate CVEs with product identifiers (CPE) in one workflow.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using NIST NVD on Vinkius019d75ddget cpe by id
Retrieves the full dictionary entry for a product using its specific UUID.
019d75ddget cve by id
Gets all details about a vulnerability when you provide the unique CVE identifier (e.g., CVE-2023-1234).
019d75ddget cve change history
Retrieves a log of every update or modification made to the vulnerability database for tracking changes.
019d75ddlist cpe matches
Lists all valid CPE match strings available in the dictionary, useful for defining scope.
019d75ddsearch cpe by keyword
Searches the product dictionary using a general keyword to identify potential software or hardware products.
019d75ddsearch cve by cpe
Finds all associated CVE vulnerabilities for a specific product identified by its CPE string.
019d75ddsearch cve by cwe
Identifies CVEs based on a common weakness type (CWE) rather than a specific product or keyword.
019d75ddsearch cve by date
Searches for vulnerabilities published or modified within a specified date range.
019d75ddsearch cve by keyword
Performs a broad search across the database using general terms like 'Remote Code Execution' or 'SQL injection'.
019d75ddsearch cve by severity
Filters the entire vulnerability set to only include issues above a specified severity level (e.g., Critical).
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with NIST NVD, then connect any of our 4,800+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,800+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by NIST NVD. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 10 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Cross-referencing vulnerability reports is hellish.
Today, figuring out if a flaw affects your stack means jumping between vendor security pages, downloading PDFs, and cross-referencing spreadsheets. You spend hours copy-pasting CPE identifiers into separate search portals just to see if the severity levels match up. It’s slow, it's error-prone, and you always end up missing some connections.
With this MCP server, that process collapses into a single query. Your agent handles the messy API calls behind the scenes. You ask: 'What vulnerabilities affect all my core services published since Q1?' And boom—you get a clean list of CVEs correlated directly to your CPEs.
NIST NVD MCP Server: Get full product security context.
The biggest time sink is manually checking every possible combination. You find a vulnerability (CVE), but you have to leave the tool and start a new search just to see if your specific version of software matches its CPE string. That back-and-forth wastes minutes, multiplied by dozens of findings.
Now, you tell the agent: 'Find all CVEs for product X that are Critical.' The server runs the correlation in one step. It's not just giving you data; it’s completing the entire analysis cycle for you.
What you can do with this MCP connector
You're connecting your AI agent straight to the National Vulnerability Database (NVD). This means you get direct access to the most authoritative cybersecurity data out there—no need to piece together risk reports from half a dozen different sources. You can track specific CVE IDs, map product weaknesses using CPE strings, or search for vulnerabilities based on severity and date.
We're talking deep intelligence, pulled through your AI client.
When you need details about one specific vulnerability, use get_cve_by_id. Just give it the unique CVE identifier (like CVE-2023-1234), and you get every single detail on that weakness. If you're looking at a product, you can find all associated vulnerabilities using its CPE string; just run search_cve_by_cpe. You also wanna know what changed? Use get_cve_change_history to pull a log of every update or modification made to the vulnerability database—perfect for tracking data changes over time.
If you're starting from product information, you can first look up its full dictionary entry using its specific UUID via get_cpe_by_id. You wanna know what products exist? Use search_cpe_by_keyword to search the product dictionary with a general term, helping you spot potential software or hardware targets. To see all possible scope definitions for filtering, run list_cpe_matches which lists every valid CPE match string available in the dictionary.
Filtering and Searching by Weakness: When you're hunting for vulnerabilities based on risk, use search_cve_by_severity. This lets you filter the entire pool of issues down to only show weaknesses above a certain threshold—think 'Critical' or 'High.' If the weakness isn't tied to a specific product, you can target it by common weakness type (CWE) using search_cve_by_cwe.
You also don't need product names for broad searches; run search_cve_by_keyword to perform a general search across the database using terms like 'SQL injection' or 'Remote Code Execution.'
Pinpointing Threats in Time and Scope: To focus on when things happened, use search_cve_by_date. You just give it a date range, and you get all CVEs published or modified within that specific window. For the deepest dive into product weakness, combine your knowledge: if you know both the CPE string and want to see associated weaknesses, run search_cve_by_cpe again.
If you need to narrow down a search using general terms but also link it to an existing product identifier, you can use search_cve_by_keyword on the CVE side.
The bottom line is this: This setup lets your agent handle complex queries that would otherwise take hours of manual API calls. You don't need to know NVD's internal structure—you just tell it what you want. Whether you're checking for all weaknesses associated with 'Windows Server 2019,' tracking every change made to the database last week, or looking up general product details using CPE keywords, this gives you a direct line to industry-standard risk data.
019d75dd-f96b-71fb-b62f-6e3a67b1666a 
How NIST NVD MCP Works
- 1 Subscribe to the NIST NVD MCP Server. (Optional: Add your API Key for higher rate limits.)
- 2 Direct your AI client (Claude, Cursor, etc.) to formulate a question based on vulnerability criteria (e.g., 'Show me Critical CVEs for Apache last month').
- 3 The agent executes the necessary tool calls, receives structured data from NVD, and delivers a concise, actionable report back to you.
The bottom line is: you ask your agent a complex question using plain English, and it handles the technical translation into multiple targeted API queries.
Who Is NIST NVD MCP For?
This tool is for security professionals who deal with risk assessment full-time. If you're an analyst sick of manually cross-referencing spreadsheets of CVEs against product inventory, this is what you need. It’s built for people whose job requires absolute data fidelity and the ability to query complex, interconnected datasets instantly.
You use search_cve_by_keyword or list_cpe_matches when investigating a new threat vector. You cross-reference findings by running targeted searches like search_cve_by_severity to prioritize patching efforts.
You monitor your deployed stack's security posture. When you update a service, you run tools like search_cve_by_cpe immediately afterwards to ensure the new version hasn't introduced known vulnerabilities.
You gather evidence for audits. You use this server to systematically pull historical vulnerability data (get_cve_change_history) and structured CPEs to prove adherence to standards.
What Changes When You Connect
- Pinpoint risk instantly. Instead of sifting through thousands of records, use
search_cve_by_severityto limit results immediately to only Critical or High-impact vulnerabilities. - Stop guesswork on product scope. Use
get_cpe_by_idandlist_cpe_matchesto get the exact, authoritative identifier for any piece of software, eliminating ambiguity in your reports. - Track emerging threats efficiently. With
search_cve_by_date, you can monitor only vulnerabilities published last week—perfect for quick incident response checks without pulling years of noise. - Connect the dots automatically. If you know a product (CPE), use
search_cve_by_cpeto pull every single vulnerability associated with it, giving you a complete picture in one query. - Audit historical changes easily. Use
get_cve_change_historywhen compliance requires proof of due diligence; this tool tracks who changed what and when.
Real-World Use Cases
Investigating a Zero-Day Leak
An analyst hears about a potential vulnerability affecting an old version of Apache. Instead of guessing, they use search_cve_by_keyword to find all related CVEs, then immediately feed the results into search_cve_by_cpe with the specific CPE string to confirm exactly which versions are vulnerable.
Compliance Audit of Legacy Systems
A compliance officer needs proof that all systems running 'Java 8' were checked for vulnerabilities in Q3. They use search_cve_by_date to limit the scope and then combine it with a CPE search, ensuring every relevant system was audited against known threats.
Rapid Patch Prioritization
A DevOps team discovers 50 new vulnerabilities. They don't want to read all of them. They run search_cve_by_severity and then search_cve_by_cwe together, filtering the list down instantly to only 'Critical' severity flaws related to memory corruption.
Mapping a New Vendor Product
You get a product from a new vendor with no internal data. You run search_cpe_by_keyword using the vendor name or product type, then use get_cpe_by_id on the returned UUIDs to build an accurate inventory for your risk database.
The Tradeoffs
Keyword-only searching
Running a simple search using only search_cve_by_keyword gives you dozens of vague results. You don't know which product or version is affected, making the data useless for patching.
→
Always follow up keyword searches by running search_cve_by_cpe. This links the general vulnerability to a specific software package, giving you actionable information.
Ignoring Severity Tiers
When reviewing an incident list, you look at every CVE found, wasting time reading low-impact issues when your team needs to focus on immediate threats.
→
Start by running search_cve_by_severity and filter for Critical or High. This ensures that your agent only presents the most urgent vulnerabilities first.
Searching without a Time Scope
Running an unrestricted search yields too much data, burying recent zero-day disclosures under years of old records.
→
When investigating a fresh threat, use search_cve_by_date. Limit the query to the last 30 or 90 days. This keeps your focus tight and relevant.
When It Fits, When It Doesn't
Use this NVD MCP Server when you need verifiable, authoritative data linking a vulnerability (CVE) to a specific product component (CPE). You're doing risk assessment, compliance auditing, or deep threat intelligence. Don't use it if your goal is general awareness—if you just want to know 'is X vulnerable?' and don't have the specific version number, start with search_cpe_by_keyword first; it’s your best bet for initial scope definition.
Don't use this server if your need is vague or high-level. If you just want a general overview of 'common internet security problems,' go search Google. This tool requires precision—you must guide the agent toward an ID, keyword, CPE, or date range to get useful output.
Common Questions About NIST NVD MCP
How do I find vulnerabilities for a specific software version using the NIST NVD MCP Server? +
Use search_cve_by_cpe. You need to provide the Common Platform Enumeration (CPE) string first. This tool ensures you are only looking at CVEs that match that precise product identifier.
What if I don't know the exact CPE, but I know the software name? +
Start with search_cpe_by_keyword. This tool scans the dictionary by keyword and gives you a list of potential UUIDs. You can then feed those IDs into other tools for deeper analysis.
Can I filter my searches to only show 'Critical' flaws? Which tool do I use? +
You must use search_cve_by_severity. This tool lets you specify the minimum severity level, ensuring your results are prioritized for risk mitigation.
How can I check if a vulnerability has been updated recently? +
Use get_cve_change_history or combine it with search_cve_by_date. This lets you see when the record was modified, giving you insight into whether the data is fresh.
How do I use the get_cve_by_id tool to retrieve basic details for a known CVE? +
You pass the full identifier, like 'CVE-2023-1234', directly to the tool. The response gives you immediate context: CVSS score, description summary, and initial affected software types.
If I know a weakness type but not a product, how do I use search_cve_by_cwe? +
Use the tool with the specific CWE ID (e.g., 'CWE-89'). This returns all known CVEs associated with that vulnerability class, letting you assess the general risk area.
What is the purpose of the get_cpe_by_id tool? +
This tool checks a specific UUID against the CPE dictionary. It verifies if the identifier is valid and returns the structured product name, confirming its existence in the NVD catalog.
When should I use search_cve_by_keyword instead of searching by product? +
Use search_cve_by_keyword when you're investigating a general threat or exploit name, rather than focusing on a single piece of software. This casts a wider net for related vulnerabilities.
Is an API Key mandatory? +
No. The NVD API allows public access without a key. However, using a key increases your rate limit significantly (up to 50 requests per 30 seconds).
What is a CPE string? +
CPE (Common Platform Enumeration) is a structured naming scheme for information technology systems, software, and packages (e.g., cpe:2.3:a:microsoft:exchange_server:2019).
How far back can I search for vulnerabilities? +
The NVD contains vulnerabilities dating back to the late 1990s. You can search the entire database by ID or keyword.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.