NIST NVD

NIST NVD MCP Connector for Claude

A+

Access authoritative vulnerability and product data via NIST NVD — track CVEs, CPEs, and security history directly from your AI agent.

10 tools Official Updated Jun 28, 2026 Official Vinkius Partner

Connect to the National Vulnerability Database (NVD) API through your AI agent and explore the world's most comprehensive archive of cybersecurity vulnerabilities and product data using natural conversation.

What you can do

  • CVE Discovery — Search for Common Vulnerabilities and Exposures (CVEs) by ID, keyword, or specific weakness (CWE).
  • Product Security — Find all vulnerabilities associated with a specific product or version using its Common Platform Enumeration (CPE) string.
  • Severity Analysis — Filter vulnerabilities based on their CVSS V3 severity level (Low to Critical) to prioritize risks.
  • Temporal Tracking — Search for CVEs published or modified within specific date ranges to monitor recent threats.
  • Product Dictionary — Query the official CPE dictionary by keyword or UUID to identify software and hardware products.
  • Change History — Retrieve a detailed log of updates and modifications made to the vulnerability database.

How it works

  1. Subscribe to this server
  2. (Optional) Enter your NIST NVD API Key for higher rate limits
  3. Start exploring vulnerability intelligence from Claude, Cursor, or any MCP client

Who is this for?

  • Security Researchers & Analysts — quickly retrieve CVE details or CVSS scores for risk assessment and mitigation.
  • DevOps & IT Teams — monitor for new vulnerabilities affecting the specific products and versions in your stack.
  • Compliance Officers — automate the gathering of vulnerability data for security audits and reporting.
cvecybersecurityvulnerability-managementthreat-intelligencesecurity-standardsproduct-security

10 tools expose this connector's capabilities to your AI agent.

get_cpe_by_id

Get CPE dictionary entry by UUID

get_cve_by_id

g. CVE-2023-1234). Get CVE details by ID

get_cve_change_history

Retrieve CVE change history

list_cpe_matches

List valid CPE match strings

search_cpe_by_keyword

Search product dictionary by keyword

search_cve_by_cpe

Find CVEs for a product (CPE)

search_cve_by_cwe

g. CWE-89). Find CVEs by weakness (CWE)

search_cve_by_date

Search CVEs by publication date

search_cve_by_keyword

Search CVEs by keyword

search_cve_by_severity

Filter CVEs by severity

See how to talk to your AI agent using NIST NVD.

Get the details for CVE-2023-23397.

Retrieving CVE-2023-23397... This is a Critical elevation of privilege vulnerability in Microsoft Outlook with a CVSS score of 9.8. It allows an attacker to steal NTLM hashes. Would you like to see the list of affected software versions (CPEs)?

Search for vulnerabilities in 'WordPress' with CRITICAL severity.

Searching NVD... I've found several critical vulnerabilities affecting WordPress core and popular plugins. The most recent include CVE-2023-XXXX (Remote Code Execution). Shall I provide the full description for the most recent one?

What is the official CPE name for 'Windows 11'?

Querying CPE dictionary... The primary CPE 2.3 name for Windows 11 is 'cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:*:*'. I also found specific versions for various builds. Would you like to search for CVEs affecting this specific CPE?

No. The NVD API allows public access without a key. However, using a key increases your rate limit significantly (up to 50 requests per 30 seconds).

Related Connectors