Share
## https://sploitus.com/exploit?id=530891A2-9B72-53B4-8C8C-C2608435E23C
# NotCVE MCP Server
[](https://glama.ai/mcp/servers/notcve/mcp-server)
Live vulnerability intelligence for AI agents β **365,000+ CVEs and NotCVEs**
enriched from **80+ correlated sources**: CVSS, EPSS, CISA KEV, SSVC,
NIST-repaired affected versions, advisories, exploits and patch diffs.
Backed by [notcve.org](https://notcve.org), the vulnerability registry that
also assigns public, timestamped **NotCVE IDs** to vulnerabilities not
acknowledged by vendors.
- **Hosted endpoint (recommended):** `https://notcve.org/mcp` β Streamable
HTTP with OAuth 2.1 + PKCE or static Bearer token. No install.
- **This repo:** a zero-dependency stdio bridge (`server.py`, pure Python
stdlib) for stdio-only clients and containerized runs.
- **Docs:**
## Tools (17)
| Tool | Credits | Purpose |
|---|---|---|
| `account_status` | 0 | Plan, credits, capability flags |
| `search_help` | 0 | Search filter / mode reference |
| `tirs_facets` | 0 | TIR counts by type and source |
| `get_vulnerability_summary` | 1 | Compact CVE/NotCVE summary + retrieval advice |
| `get_cve` / `get_notcve` | 1 | Full canonical record (metadata + CPEs + TIR stubs) |
| `list_vulnerability_tirs` | 1 | Paginated TIR metadata, filter by type/source |
| `get_vulnerability_tir_content` | 1 | One TIR payload (exploit code, rule body, patch) |
| `get_exploit_material` | 1+ | Exploit/patch material for a CVE in one call |
| `list_affected_versions` | 1 | Affected-version rows, paginated |
| `check_version_impact` | 1 | Yes/no impact for vendor/product/version |
| `bulk_get_summary` | 1 | Summaries for up to 10 IDs at once |
| `compare_versions` | 1 | Which CVEs affect which versions |
| `version_exposure` | 1 | CVEs affecting a vendor/product/version + rollup |
| `stack_check` | 1 | Triage up to 10 stack components at once |
| `recent_kev` | 1 | Recently added CISA KEV entries |
| `search_vulnerabilities` | 1 / 2 | Typed-arg search (`search_mode=deep` = 2) |
## Quick start β hosted endpoint
The hosted server is the best experience for clients that speak Streamable
HTTP (Claude, ChatGPT, Claude Code, Cursor, Codex CLIβ¦). MCP access is
included in [Essential and Professional plans](https://notcve.org/pricing/);
get your API token from the [dashboard](https://notcve.org/user/).
**Claude (claude.ai / Desktop)** β Settings β Connectors β Add custom
connector β `https://notcve.org/mcp` β Connect (OAuth).
**Claude Code**
```bash
claude mcp add --transport http notcve https://notcve.org/mcp
# or with a static token:
claude mcp add --transport http notcve https://notcve.org/mcp \
--header "Authorization: Bearer YOUR_API_TOKEN"
```
**Cursor** (`~/.cursor/mcp.json`)
```json
{
"mcpServers": {
"notcve": {
"url": "https://notcve.org/mcp",
"headers": { "Authorization": "Bearer YOUR_API_TOKEN" }
}
}
}
```
**Codex CLI** (`~/.codex/config.toml`)
```toml
[mcp_servers.notcve]
url = "https://notcve.org/mcp"
headers = { Authorization = "Bearer YOUR_API_TOKEN" }
```
## Quick start β stdio bridge (this repo)
For stdio-only MCP clients, or wherever you prefer a local process. Pure
Python β₯ 3.8 standard library β nothing to `pip install`.
```bash
git clone https://github.com/notcve/mcp-server.git
cd mcp-server
NOTCVE_API_TOKEN=YOUR_API_TOKEN python3 server.py
```
Generic stdio client config:
```json
{
"mcpServers": {
"notcve": {
"command": "python3",
"args": ["/path/to/mcp-server/server.py"],
"env": { "NOTCVE_API_TOKEN": "YOUR_API_TOKEN" }
}
}
}
```
Or with Docker:
```bash
docker build -t notcve-mcp .
docker run -i --rm -e NOTCVE_API_TOKEN=YOUR_API_TOKEN notcve-mcp
```
`initialize` and `tools/list` are answered locally (no credentials needed),
so the server introspects cleanly out of the box; `tools/call` forwards to
the hosted endpoint with your token.
## Environment
| Variable | Default | Purpose |
|---|---|---|
| `NOTCVE_API_TOKEN` | β | Your NotCVE API token (dashboard β API). Required for tool calls. |
| `NOTCVE_MCP_URL` | `https://notcve.org/mcp` | Hosted endpoint override. |
## Example prompts
> Using NotCVE MCP, find vulnerabilities updated in the last 14 days with
> CVSS β₯ 8.5 and at least one public exploit. Summarise the top 10.
> Check whether apache log4j 2.14.1 is affected by CVE-2021-44228, then
> list the lowest fixed version.
> Compare openssl 3.0.5, 3.0.13 and 3.0.15 and tell me which CVEs each
> upgrade resolves.
## Links
- Docs: Β· REST API:
- Plans & pricing:
- What is a NotCVE? Β· Request one:
## License
[MIT](LICENSE)