A modular MCP providing AI-driven vulnerability management skills, including severity classification and automated insights.
VulnMCP
VulnMCP is an MCP server built with FastMCP that provides AI clients, chat agents, and other automated systems with tools for vulnerability management. It offers modular "skills" that can be easily extended or integrated, enabling intelligent analysis and automated insights on software vulnerabilities.
Features
- Vulnerability Severity Classification -- Automatically assess the criticality of vulnerabilities using CIRCL's fine-tuned NLP models: CIRCL/vulnerability-severity-classification-roberta-base (English) and CIRCL/vulnerability-severity-classification-chinese-macbert-base (Chinese).
- CWE Classification -- Predict CWE categories from vulnerability descriptions using CIRCL/cwe-parent-vulnerability-classification-roberta-base.
- Vulnerability Lookup -- Query the Vulnerability Lookup API to get detailed information about specific CVEs or search vulnerabilities by source, CWE, product, or date.
- Modular Architecture -- Easily add new skills or tools to expand the functionality of the MCP server.
Installation
Requires Python 3.10+ and Poetry v2+.
git clone https://github.com/vulnerability-lookup/VulnMCP.git
cd VulnMCP
poetry install
Running the MCP server
stdio (default)
The default transport, used by most MCP clients (Claude Code, Claude Desktop, etc.):
poetry run vulnmcp
HTTP transport
For network access or multiple concurrent clients:
poetry run fastmcp run vulnmcp/server.py --transport http --host 127.0.0.1 --port 9000
Available tools
| Tool | Description |
|------|-------------|
| classify_severity | Classify vulnerability severity (low/medium/high/critical) from a text description. Supports English and Chinese with auto-detection. |
| classify_cwe | Predict CWE categories from a vulnerability description. Returns top-5 predictions with parent CWE mapping. |
| get_recent_vulnerabilities_by_cwe | Fetch the 3 most recent CVEs for a given CWE ID. |
| get_vulnerability | Look up a specific vulnerability by ID (e.g. CVE-2025-14847) with optional comments, sightings, bundles, and linked vulnerabilities. |
| search_vulnerabilities | Search vulnerabilities with filters: source, CWE, product, date range, pagination. |
List all tools:
poetry run fastmcp list vulnmcp/server.py
Testing tools from the command line
Use fastmcp call to invoke any tool directly:
# Look up a specific CVE
poetry run fastmcp call vulnmcp/server.py get_vulnerability vulnerability_id=CVE-2025-14847
# Search for recent SQL injection vulnerabilities
poetry run fastmcp call vulnmcp/server.py search_vulnerabilities cwe=CWE-89 per_page=5
# Classify severity from a description
poetry run fastmcp call vulnmcp/server.py classify_severity \
description="A remote code execution vulnerability allows an attacker to execute arbitrary code via a crafted JNDI lookup."
# Classify CWE from a description
poetry run fastmcp call vulnmcp/server.py classify_cwe \
description="Fix buffer overflow in authentication handler"
Connecting to Claude Code
Register VulnMCP as an MCP server in Claude Code with:
claude mcp add vulnmcp -- poetry --directory /path/to/VulnMCP run vulnmcp
Or with fastmcp install:
poetry run fastmcp install claude-code vulnmcp/server.py --name VulnMCP
Once registered, the tools are available to Claude Code. You can verify with:
claude mcp list
Configuration
| Environment variable | Description | Default |
|---------------------|-------------|---------|
| VULNMCP_LOOKUP_URL | Base URL for the Vulnerability Lookup API | https://vulnerability.circl.lu |