circl-cve-search

This MCP server provides convenient access to the CIRCL CVE SEARCH API through a dedicated server interface. It exposes tools for retrieving detailed CVE information (get_cve), browsing CVEs by vendor (browse_vendor), and obtaining CWE (get_cwe) and CAPEC (get_capec) data. The server includes retry logic with exponential backoff to handle transient API failures, structured and readable response formatting, improved error messages, and input validation to help ensure robust interactions with the underlying CIRCL CVE SEARCH API.

To use it in your MCP client, add the server configuration under mcpServers. You can then invoke the available tools by name with the required arguments. For example, get_cve requires a cve_id such as CVE-2021-44228, browse_vendor accepts a vendor name and an optional limit, get_cwe and get_capec require their respective IDs, and you will receive either a structured payload or useful error guidance if inputs are invalid or the upstream API experiences issues.

Prerequisites:

• Node.js (LTS version) and npm installed on your system
• Access to the internet to install the MCP server package from npm

Step-by-step installation:

1. Ensure Node.js and npm are installed:
   • Check versions: node -v and npm -v
2. Install the MCP server package:
   • npm install @cyreslab/circl-cve-search-mcp-server
3. Build the server (if applicable):
   • npm run build
4. Run the server in development mode (for testing):
   • npm run dev
5. Start in production (if a start script is provided or you configure your own process manager):
   • npm start

If you prefer running via npx without a local install, you can use:

• npx @cyreslab/circl-cve-search-mcp-server

Note: You may need to adapt start/run commands to your environment and process manager (PM2, systemd, etc.).

Tips and considerations:

• The server uses the CIRCL CVE SEARCH API; monitor usage to avoid rate limits and respect any service guidelines.
• If you encounter rate limiting or network issues, rely on the built-in retry logic with exponential backoff.
• Validate inputs before calling tools (e.g., proper CVE IDs, vendor names) to improve success rates and reduce error responses.
• The tools return structured data with key fields highlighted; use the raw data option if you need complete information for deep dives.
• Environment-specific configuration (e.g., port, CORS, logging) may require additional setup in your deployment environment.