// MCP TOOL REFERENCE

CVE MCP SERVER TOOLS

27 tools from the CVE MCP Server MCP Server, categorised by risk level.

View the CVE MCP Server policy →
// ALL 27 CVE MCP SERVER TOOLS
READ 27 tools
Read parse_cvss Parse and explain a CVSS vector string (v2, v3.x, or v4.0). Args: vector: CVSS vector string (... Read calculate_risk_score Calculate a composite 0-100 risk score using CVSS, EPSS, KEV, and PoC data. Read check_exploit_availability Search GitHub for public proof-of-concept (PoC) exploit repositories for a CVE. Results are sorted by s... Read check_ip_reputation Check an IP address reputation via AbuseIPDB and GreyNoise Community. Returns abuse confidence score, c... Read check_kev Check if a CVE is in the CISA Known Exploited Vulnerabilities (KEV) catalog. Args: cve_id: CVE... Read check_package_vulns Check a package for known vulnerabilities via OSV.dev. Args: package: Package name (e.g. log4j... Read check_poc_exists Search for proof-of-concept exploits across GitHub, Exploit-DB, and Nuclei templates. Read check_ransomware_intel Check if a Bitcoin address is associated with a known ransomware family using the Ransomwhere database.... Read check_url_safety Check a URL or domain for malicious activity via URLScan.io. Returns scan verdicts, malicious flag, sco... Read compare_cves Compare multiple CVEs by risk score and generate a patch priority ranking. Read get_attack_mapping Map a CVE to MITRE ATT&CK techniques and associated threat groups. Downloads the ATT&CK dataset lazily ... Read get_cve_summary Get a comprehensive one-page summary of a CVE: severity, EPSS, KEV status, description, weaknesses, and... Read get_cve_timeline Build a complete CVE lifecycle timeline: NVD publication date, EPSS score history, CISA KEV addition da... Read get_domain_intel Get domain intelligence: certificate transparency logs (crt.sh) and passive DNS records (CIRCL PDNS). R... Read get_epss_score Get EPSS (Exploit Prediction Scoring System) scores for one or more CVEs. Args: cve_ids: Comma... Read get_vendor_advisory Fetch vendor security advisories for a CVE from Microsoft (MSRC), Red Hat, and Ubuntu. Shows patch avai... Read health_check Check the health of the CVE MCP server: NVD connectivity, KEV catalog status, and cache statistics. ... Read lookup_cve Look up a CVE by ID from NVD. Returns full details including CVSS scores, description, weaknesses, and ... Read lookup_file_hash Look up a file hash (MD5/SHA1/SHA256) against MalwareBazaar and VirusTotal. Returns malware family, det... Read lookup_malware_family Look up an IOC (IP, domain, URL, or hash) against ThreatFox for malware family attribution. Returns con... Read passive_dns_lookup Query CIRCL Passive DNS for historical DNS resolutions of an IP or domain. Shows what hostnames have re... Read scan_container_packages Scan container image packages (Alpine, Debian, Ubuntu OS packages) for known CVEs via OSV.dev. Input sh... Read scan_dependencies Bulk scan application dependencies for known CVEs via OSV.dev. Supports requirements.txt (PyPI), packag... Read scan_repo_secrets Search GitHub public repositories for potential exposed credentials or secrets related to a search term... Read search_cves Search NVD for CVEs by keyword and optional severity filter. Args: query: Keyword to search (l... Read shodan_host_lookup Look up a host on Shodan: open ports, running services, OS, CVEs on the host. Requires SHODAN_KEY envir... Read generate_vuln_report Generate a vulnerability report in executive, technical, or full format.

Route CVE MCP Server through PolicyLayer and every one of its 27 tools is checked against your policy before it runs.

CHECK YOUR STACK →

See every tool, the dangerous ones, and the token cost across your stack.

// FAQ
How many tools does the CVE MCP Server MCP server have? +

The CVE MCP Server MCP server exposes 27 tools across 1 categories: Read.

How do I enforce policies on CVE MCP Server tools? +

Route the CVE MCP Server server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do CVE MCP Server tools fall into? +

CVE MCP Server tools are categorised as Read (27). Each category has a recommended default policy.

Enforce policy on every CVE MCP Server tool call.

Start from CVE MCP Server, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

CHECK YOUR STACK →

Free to start. No card required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.