cve_security_lookup
Active
Tool of gapup-mcp
Look up CVE vulnerability data for enterprise security teams, DevSecOps and SOC analysts. Supports two modes: exact CVE ID lookup (e.g. 'CVE-2024-3094') or keyword search by product/vendor (e.g. 'openssl', 'Apache Tomcat').

Cross-references four authoritative keyless sources: NVD NIST (official CVE database, CVSS v3 scores, affected CPEs), CISA KEV (Known Exploited Vulnerabilities catalog — exploit_in_wild flag), EPSS FIRST (exploit probability 0-1), and GitHub Security Advisories (ecosystem-specific: npm/pypi/maven).

Returns structured vulnerability records with CVSS v3 scores, affected product version ranges, CWE weakness classification, references and exploitation status. The signals engine produces P0/P1/P2 alerts: P0 = CVSS>=9 + active exploitation, P1 = CVSS>=7 or EPSS>=70%, P2 = CWE pattern clusters. Relevant for EU NIS2 and DORA supply chain risk obligations.

Optional env: NVD_API_KEY (raises the NVD rate limit 5→50 req/30s), GITHUB_TOKEN (raises the GHSA GraphQL rate limit). Cache TTL 6h. SLA <=25s p95.
Parameters schema
{
  "type": "object",
  "required": [
    "query"
  ],
  "properties": {
    "mode": {
      "enum": [
        "lookup",
        "search"
      ],
      "type": "string",
      "description": "Override auto-detection: \"lookup\" for exact CVE ID, \"search\" for product/vendor keyword."
    },
    "async": {
      "type": "boolean",
      "description": "If true, returns a job_id immediately (<200ms) instead of waiting for the result. Poll the result with job_result(job_id). Use for slow tools to avoid client timeouts."
    },
    "query": {
      "type": "string",
      "maxLength": 200,
      "minLength": 3,
      "description": "CVE ID (e.g. \"CVE-2024-3094\") or product/vendor keyword (e.g. \"openssl\", \"Apache Tomcat\"). Mode is auto-detected from the CVE-YYYY-XXXXX pattern."
    },
    "max_results": {
      "type": "number",
      "maximum": 50,
      "minimum": 5,
      "description": "Maximum number of vulnerabilities to return (default 20, max 50)."
    },
    "severity_min": {
      "enum": [
        "low",
        "medium",
        "high",
        "critical"
      ],
      "type": "string",
      "description": "Minimum CVSS v3 severity to include in results (default: no filter)."
    },
    "published_after": {
      "type": "string",
      "description": "ISO date YYYY-MM-DD — only include CVEs published after this date. Defaults to 365 days ago for search mode."
    }
  }
}
No endpoints wrapped at confidence ≥ 0.70.
Parent server
gapup-mcp
https://github.com/getgapup/gapup-mcp-public
2/7 registries