You're viewing a demo portfolio

Join the waitlist
PRSM

cve_security_lookup

Active

Tool of gapup-mcp

declared in 0.2.0

Look up CVE vulnerability data for enterprise security teams, DevSecOps and SOC analysts. Supports two modes: exact CVE ID lookup (e.g. 'CVE-2024-3094') or keyword search by product/vendor (e.g. 'openssl', 'Apache Tomcat'). Cross-references four authoritative keyless sources: NVD NIST (official CVE database, CVSS v3 scores, affected CPEs), CISA KEV (Known Exploited Vulnerabilities catalog — exploit_in_wild flag), EPSS FIRST (exploit probability 0-1), GitHub Security Advisories (ecosystem-specific: npm/pypi/maven). Returns structured vulnerability records with CVSS v3 scores, affected product version ranges, CWE weakness classification, references and exploitation status. Signals engine produces P0/P1/P2 alerts: P0=CVSS>=9 + active exploitation, P1=CVSS>=7 or EPSS>=70%, P2=CWE pattern clusters. Relevant for EU NIS2 and DORA supply chain risk obligations. Optional env: NVD_API_KEY (raises NVD rate-limit 5→50 req/30s), GITHUB_TOKEN (raises GHSA GraphQL rate-limit). Cache TTL 6h. SLA <=25s p95.

Parameters schema

{
  "type": "object",
  "required": [
    "query"
  ],
  "properties": {
    "mode": {
      "enum": [
        "lookup",
        "search"
      ],
      "type": "string",
      "description": "Override auto-detection: \"lookup\" for exact CVE ID, \"search\" for product/vendor keyword."
    },
    "async": {
      "type": "boolean",
      "description": "If true, returns a job_id immediately (<200ms) instead of waiting for the result. Poll the result with job_result(job_id). Use for slow tools to avoid client timeouts."
    },
    "query": {
      "type": "string",
      "maxLength": 200,
      "minLength": 3,
      "description": "CVE ID (e.g. \"CVE-2024-3094\") or product/vendor keyword (e.g. \"openssl\", \"Apache Tomcat\"). Mode is auto-detected from the CVE-YYYY-XXXXX pattern."
    },
    "max_results": {
      "type": "number",
      "maximum": 50,
      "minimum": 5,
      "description": "Maximum number of vulnerabilities to return (default 20, max 50)."
    },
    "severity_min": {
      "enum": [
        "low",
        "medium",
        "high",
        "critical"
      ],
      "type": "string",
      "description": "Minimum CVSS v3 severity to include in results (default: no filter)."
    },
    "published_after": {
      "type": "string",
      "description": "ISO date YYYY-MM-DD — only include CVEs published after this date. Defaults to 365 days ago for search mode."
    }
  }
}

What this tool wraps· 0 endpoints

min confidence0.700.50

No endpoints wrapped at confidence ≥ 0.70.

Parent server

gapup-mcp

https://github.com/getgapup/gapup-mcp-public

2/7 registries
View full server →
cve_security_lookup — gapup-mcp — PRSM MCP