io.github.cyanheads/nist-nvd-mcp-server
Search and audit NIST NVD CVEs by keyword, severity, CWE, CISA KEV status, and CPE.
Using io.github.cyanheads/nist-nvd-mcp-server in Claude, Cursor, Gemini CLI, Cline, or Zed?
MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts—before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).
Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less
curl -fsSL https://mcpindex.ai/install.sh | shSemantic screen found no manipulation pattern in the description. Conformance probe not yet run.
mcpindex.integrity.descriptionpassINFOevidence“Declared capability, no hidden instructions”via static_description
- - Semantic screen only - the deterministic conformance probe has not run on this server
- - Confidence is reported but not yet calibrated (v1)
- - Screen reads the tool description, not the live behavior
- - advisory
- - registry description only no input schema
- - screen model 8b
Semantic screen: an LLM judge reads the tool description for hidden instructions (status PARTIAL). A pass means the description is not lying, not that the tool is safe: a high-capability tool with an honest description still warrants caution. The deterministic conformance probe has not been run on this server yet, so the screen here is semantic-only. Posture: advisory. Confidences are reported but not yet calibrated (calibrated=false at v1). Full verdict history is not shown on this page.
Own this server? Screen its description →
A live verdict badge for your README or listing. It reflects the current screen, links back here, and updates when the verdict does.
[](https://mcpindex.ai/server/io-github-cyanheads-nist-nvd-mcp-server)<a href="https://mcpindex.ai/server/io-github-cyanheads-nist-nvd-mcp-server"><img src="https://mcpindex.ai/api/v1/badge/io-github-cyanheads-nist-nvd-mcp-server" alt="mcpindex verdict" height="20" /></a>NVD_API_KEYNVD API key. Without it, rate limit is 5 req/30s; with it, 50 req/30s. Get one free at nvd.nist.gov/developers/request-an-api-key.
NVD_REQUEST_TIMEOUT_MSPer-request timeout in milliseconds. Raise to 60000 when using nvd_get_cve_history without an API key.
MCP_LOG_LEVELSets the minimum log level for output (e.g., 'debug', 'info', 'warn').
NVD_API_KEYNVD API key. Without it, rate limit is 5 req/30s; with it, 50 req/30s. Get one free at nvd.nist.gov/developers/request-an-api-key.
NVD_REQUEST_TIMEOUT_MSPer-request timeout in milliseconds. Raise to 60000 when using nvd_get_cve_history without an API key.
MCP_HTTP_HOSTThe hostname for the HTTP server.
MCP_HTTP_PORTThe port to run the HTTP server on.
MCP_HTTP_ENDPOINT_PATHThe endpoint path for the MCP server.
MCP_AUTH_MODEAuthentication mode to use: 'none', 'jwt', or 'oauth'.
MCP_LOG_LEVELSets the minimum log level for output (e.g., 'debug', 'info', 'warn').
Remote MCP server for Tandem docs, install guides, SDKs, workflows, and agent setup help.
Google Ads MCP server — manage campaigns, keywords, and metrics.
Publish markdown documents as public share links with mermaid diagram support. Built by AutEng.ai