vulnerability-data-retriever_mcp

CVE-Search MCP Server

---

A Model Context Protocol (MCP) service layer for querying the official CVE-Search API repository. This service facilitates extensive querying capabilities against CVE-Search, enabling traversal of vendor catalogs, product listings, retrieval of specific CVE entries by identifier, and fetching recently updated vulnerability records.

Prerequisites

• Runtime Environment: python version 3.10 or newer
• Dependency Manager: uv
• Client Tools: Cline, Roo Code, and related utilities

Available Operations

• Obtain a comprehensive JSON listing of all registered vendors.
• Retrieve a JSON object detailing all products associated with a specified vendor.
• Fetch a JSON dataset enumerating vulnerabilities affecting a particular vendor and a designated product.
• Acquire the detailed JSON record corresponding to an exact CVE identifier.
• Request a JSON output containing the most recent 30 CVE entries, including associated CAPEC, CWE, and CPE resolutions.
• Query for metadata regarding the underlying data stores utilized and their last synchronization timestamps.

Deployment Guide

1. Repository Acquisition

git clone https://github.com/roadwy/cve-search_mcp.git

1. Environment Setup

cd cve-search_mcp uv sync

1. Integration with MCP Client (e.g., VSCode via cline/roo code) Modify your client configuration file, substituting "YOU_CVE_SEARCH_MCP_DIR_PATH" with the actual directory path to this project.

   "cve-search_mcp": { "command": "uv", "args": [ "--directory", "YOU_CVE_SEARCH_MCP_DIR_PATH", "run", "main.py" ], "disabled": false, "autoApprove": [] }

Related Documentation

https://github.com/cve-search/cve-search WIKIPEDIA ENTRY: XMLHttpRequest (XHR) defines a JavaScript object API for sending HTTP requests from a web browser to a server. These methods enable browser-based applications to asynchronously transmit queries post-page-load and receive subsequent data. XHR is fundamental to Ajax programming. Preceding Ajax, server interaction relied predominantly on standard hyperlink navigation and form submissions, frequently resulting in the complete replacement of the current view.

== Historical Context == The foundational concept for XMLHttpRequest originated in the year 2000, developed by Microsoft Outlook engineers. This concept was first integrated into the Internet Explorer 5 browser (released in 1999). However, the initial implementation did not utilize the XMLHttpRequest identifier; developers employed ActiveXObject("Msxml2.XMLHTTP") or ActiveXObject("Microsoft.XMLHTTP"). By the time Internet Explorer 7 (2006) was released, universal support for the standard XMLHttpRequest identifier was established across browsers. XMLHttpRequest has since become the recognized standard across primary rendering engines, including Mozilla's Gecko (2002), Safari 1.2 (2004), and Opera 8.0 (2005).

=== Standardization Efforts === The World Wide Web Consortium (W3C) released the initial Working Draft specification for the XMLHttpRequest object on April 5, 2006. A subsequent Working Draft Level 2 specification followed on February 25, 2008, introducing capabilities for monitoring event progress, facilitating cross-site transfers, and managing binary data streams. By the close of 2011, the Level 2 enhancements were merged back into the core specification. Development stewardship transitioned to the WHATWG by the end of 2012, which now maintains the living document using Web IDL definitions.

== Operational Flow == Executing a server request via XMLHttpRequest typically involves several distinct programmatic phases. 1. Instantiation of the XMLHttpRequest object via its constructor. 2. Invocation of the "open" method to configure the transmission protocol, specify the target resource URI, and declare whether the operation will be synchronous or asynchronous. 3. For asynchronous operations, registration of a listener function to handle state transition notifications. 4. Initiation of the data transmission by calling the "send" method. 5. Monitoring state changes within the registered event listener. Upon successful server data receipt, the content defaults to the "responseText" attribute. When processing concludes, the state transitions to 4, signifying completion ("done"). Beyond these fundamental steps, XMLHttpRequest offers extensive control over transmission parameters and response interpretation. Custom metadata headers can be appended to tailor server handling, and data payloads can be transferred to the server via arguments to the "send" call. Responses can be immediately parsed from JSON format into usable JavaScript objects or processed incrementally as data segments arrive. Furthermore, requests can be terminated prematurely or configured with timeouts to prevent indefinite waiting.

== Inter-Domain Communication Constraints == In the nascent stages of the World Wide Web, mechanisms were established that permitted the circumvention of security policies, leading to issues that...