# NIST NVD MCP

> NIST NVD provides direct, conversational access to the National Vulnerability Database (NVD). Your agent can search for common vulnerabilities and exposures (CVEs), map threats to specific products using CPE strings, or analyze risk based on severity levels. It’s your single source for authoritative cybersecurity product data.

## Overview
- **Category:** the-unthinkable
- **Price:** Free
- **Tags:** cve, cybersecurity, vulnerability-management, threat-intelligence, security-standards, product-security

## Description

Think of this MCP as a direct line to the global repository of security weaknesses. You connect it through Vinkius, giving your AI agent access to the world's most comprehensive archive of vulnerability and product information.

Instead of jumping between government sites or running complex queries in a dashboard, you just talk to your agent. Need to know if 'Microsoft Word 2019' has any known critical flaws? Ask it. Want to check every weakness associated with a specific component version? It handles that too. You can filter threats by how severe they are—Low, Medium, or Critical—to prioritize what needs fixing right now. The tool also lets you track changes in the database over time, so you always know if a threat was recently added or updated. This capability makes it an essential resource for anyone managing digital risk.

## Tools

### get_cpe_by_id
Retrieves a specific entry from the CPE product dictionary using its unique UUID.

### get_cve_by_id
Fetches all details for a known Common Vulnerabilities and Exposures (CVE) identifier.

### get_cve_change_history
Retrieves a detailed log showing when a specific CVE entry was modified or updated in the NVD database.

### list_cpe_matches
Lists valid CPE match strings to help you understand product scope and applicability.

### search_cpe_by_keyword
Searches the entire product dictionary for entries matching a specified keyword.

### search_cve_by_cpe
Finds all associated CVE vulnerabilities that affect a specific product defined by its CPE string.

### search_cve_by_cwe
Searches for CVEs linked to a weakness type, such as CWE-89 (SQL Injection).

### search_cve_by_date
Filters the database to find CVEs that were published or modified within a specific date range.

### search_cve_by_keyword
Performs a broad search across all vulnerability data using general keywords.

### search_cve_by_severity
Narrows down the results to only show CVEs that meet a specific CVSS severity level (e.g., Critical).

## Prompt Examples

**Prompt:** 
```
Get the details for CVE-2023-23397.
```

**Response:** 
```
Retrieving CVE-2023-23397... This is a Critical elevation of privilege vulnerability in Microsoft Outlook with a CVSS score of 9.8. It allows an attacker to steal NTLM hashes. Would you like to see the list of affected software versions (CPEs)?
```

**Prompt:** 
```
Search for vulnerabilities in 'WordPress' with CRITICAL severity.
```

**Response:** 
```
Searching NVD... I've found several critical vulnerabilities affecting WordPress core and popular plugins. The most recent include CVE-2023-XXXX (Remote Code Execution). Shall I provide the full description for the most recent one?
```

**Prompt:** 
```
What is the official CPE name for 'Windows 11'?
```

**Response:** 
```
Querying CPE dictionary... The primary CPE 2.3 name for Windows 11 is 'cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:*'. I also found specific versions for various builds. Would you like to search for CVEs affecting this specific CPE?
```

## Capabilities

### Identify vulnerabilities by product
You can find all known flaws linked to a specific piece of software or hardware using its official Common Platform Enumeration (CPE) string.

### Search for weaknesses by type
The MCP lets you look up vulnerabilities based on the underlying weakness, like CWE-89, rather than just knowing the CVE ID.

### Filter threats by risk level
You can narrow down thousands of results to see only those vulnerabilities rated as Critical or High severity for immediate action.

### Track historical changes
Retrieve a log detailing when vulnerability records were published, modified, or updated in the NVD database.

### Query official product dictionaries
You can search the CPE dictionary by simple keywords to identify potential software and hardware products involved in an exploit.

## Use Cases

### Responding to an incident report
A security analyst receives a suspicious alert mentioning 'Log4j' and needs immediate context. They ask their agent, which uses search_cve_by_keyword, to pull all relevant CVEs and then use search_cve_by_severity to filter the list down only to those rated Critical, providing an actionable remediation list.

### Onboarding a new product
A DevOps engineer is deploying a new internal microservice. They ask their agent to run search_cpe_by_keyword for all components used in the stack, then run search_cve_by_cpe on each component's CPE ID to guarantee no known flaws are present before launch.

### Preparing for an audit
A compliance officer needs proof of due diligence regarding outdated software. They instruct their agent to run search_cve_by_date for vulnerabilities published in the last quarter, and then use get_cve_change_history to prove they are tracking timely updates.

### Deep dive threat hunting
A researcher needs to understand a specific type of weakness. They ask their agent to run search_cve_by_cwe, targeting only injection flaws (CWE-89), and then use get_cve_by_id on the most severe results for technical details.
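
One way to reproduce offline the CPE-to-CVE correlation and severity filter these use cases describe. This Python is an added example, not code from the MCP or from NIST. It assumes records shaped like the `cve` objects in NVD CVE API 2.0 JSON; the CVE IDs are placeholders, the vendor and product are hypothetical, and matching is simplified (version ranges are not evaluated).

```python
import re

ATTRS = ("part", "vendor", "product", "version", "update", "edition",
         "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe(name):
    """Split a CPE 2.3 formatted string into its 11 attributes."""
    # A backslash escapes the next character, so an escaped ':' stays in its field.
    fields = re.findall(r"(?:\\.|[^:\\])+", name)
    if fields[:2] != ["cpe", "2.3"] or len(fields) != 13:
        raise ValueError(f"not a CPE 2.3 formatted string: {name!r}")
    return dict(zip(ATTRS, fields[2:]))

def applies(criteria, installed):
    """True if every non-wildcard attribute of `criteria` equals `installed`.
    Simplified: '*' matches anything; version ranges are not evaluated."""
    c, p = parse_cpe(criteria), parse_cpe(installed)
    return all(c[a] == "*" or c[a].lower() == p[a].lower() for a in ATTRS)

def severity(cve):
    """Base severity from a CVSS v4.0/v3.x metric, or 'UNSCORED' if none exists."""
    for key in ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30"):
        for metric in cve.get("metrics", {}).get(key, []):
            return metric["cvssData"]["baseSeverity"]
    return "UNSCORED"  # a plain severity filter would silently drop these records

def triage(records, installed):
    """Group IDs of CVEs whose vulnerable cpeMatch criteria cover `installed`."""
    out = {}
    for cve in records:
        crit = [m["criteria"] for cfg in cve.get("configurations", [])
                for node in cfg["nodes"] for m in node["cpeMatch"] if m["vulnerable"]]
        if any(applies(c, installed) for c in crit):
            out.setdefault(severity(cve), []).append(cve["id"])
    return out

def _rec(cve_id, criteria, sev=None):
    """Build one constructed record (placeholder ID, hypothetical product)."""
    metrics = {"cvssMetricV31": [{"cvssData": {"baseSeverity": sev}}]} if sev else {}
    return {"id": cve_id, "metrics": metrics, "configurations": [
        {"nodes": [{"cpeMatch": [{"vulnerable": True, "criteria": criteria}]}]}]}

SAMPLE = [  # constructed sample data, not real NVD entries
    _rec("CVE-0000-0001", "cpe:2.3:a:example:widget:1.2.0:*:*:*:*:*:*:*", "CRITICAL"),
    _rec("CVE-0000-0002", "cpe:2.3:a:example:widget:*:*:*:*:*:*:*:*"),
    _rec("CVE-0000-0003", "cpe:2.3:a:example:widget:2.0.0:*:*:*:*:*:*:*", "HIGH"),
]
INSTALLED = "cpe:2.3:a:example:widget:1.2.0:*:*:*:*:*:*:*"
```

`triage(SAMPLE, INSTALLED)` keeps the record that has no CVSS metric under `UNSCORED`, so a record that has not been scored yet stays visible in the triage output.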

## Benefits

- Stop guessing about risk. Use search_cve_by_severity to filter thousands of results down to only Critical or High-risk threats, letting you focus on immediate patching needs.
- Pinpoint affected products instantly. Running search_cve_by_cpe correlates vulnerabilities directly with a product's official CPE string, eliminating guesswork about scope.
- Contextualize your findings. Instead of just seeing a CVE ID, get detailed information via get_cve_by_id and understand the full impact on your infrastructure.
- Stay ahead of zero-days. Use search_cve_by_date to monitor only vulnerabilities published in the last 48 hours, ensuring you track emerging threats rapidly.
- Validate product scope using get_cpe_by_id. If you aren't sure what the official CPE for a piece of software is, this tool gives you the authoritative reference needed before running any vulnerability checks.

## How It Works

The bottom line is you get authoritative vulnerability intelligence without writing complex API calls or navigating dense government websites.

1. Subscribe to this MCP via Vinkius. You might need your NIST NVD API Key if you expect high usage.
2. Direct your natural language query to your AI client, referencing the product or threat details needed.
3. The agent uses the relevant tool to search and return a structured list of vulnerabilities, CPEs, severity scores, or historical data.

## Frequently Asked Questions

**How do I find all vulnerabilities affecting 'Apache Struts' using NIST NVD?**
First, run search_cve_by_keyword with 'Apache Struts'. Then use the CPEs found to run search_cve_by_cpe for a complete list of related CVEs.

**Can I check if my current software versions are listed in NIST NVD?**
Yes. You can start by using search_cpe_by_keyword to find the official CPE name, and then pass that identifier into search_cve_by_cpe to see all known flaws.

**Does NIST NVD help me prioritize which vulnerabilities to fix?**
Absolutely. Use search_cve_by_severity to filter results by CVSS score—you can narrow the focus instantly to Critical, High, or Medium risks for quick action.

**What is the difference between get_cve_by_id and search_cve_by_keyword?**
get_cve_by_id gives you everything about one specific flaw (e.g., CVE-2023-1234). search_cve_by_keyword finds all flaws related to a general topic or component name.

**How do I know if the vulnerability data is recent?**
Use search_cve_by_date. This tool lets you narrow down results based on publication date, ensuring your assessment covers only recently reported threats.