@modular-intelligence/nvd-lookup 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3)
  1. package/README.md +296 -0
  2. package/dist/index.js +44950 -0
  3. package/package.json +35 -0
package/README.md ADDED
@@ -0,0 +1,296 @@
1
+ # NVD Lookup MCP Server
2
+
3
+ Deep integration with the NIST National Vulnerability Database (NVD) API for comprehensive vulnerability intelligence.
4
+
5
+ ## Overview
6
+
7
+ This MCP server provides advanced CVE research capabilities through direct integration with the NVD REST API. It extends basic CVE lookup with CPE product searching, vulnerability statistics, change tracking, and CWE weakness analysis.
8
+
9
+ ## Features
10
+
11
+ - **CVE Detail Lookup**: Comprehensive vulnerability information including CVSS v3/v4 scores, CWE mappings, references, and affected product configurations
12
+ - **Advanced CVE Search**: Filter by keywords, severity levels, date ranges, and CISA KEV (Known Exploited Vulnerabilities) status
13
+ - **CPE Dictionary Search**: Find Common Platform Enumeration identifiers for products and vendors
14
+ - **Product Vulnerability Analysis**: Discover all CVEs affecting specific software versions
15
+ - **Change Tracking**: Monitor CVE modifications, status changes, and metadata updates
16
+ - **Vulnerability Statistics**: Aggregate metrics by severity, publication trends, and CVSS distributions
17
+ - **CWE Weakness Intelligence**: Map vulnerabilities to weakness patterns with related CVE discovery
18
+
19
+ ## Installation
20
+
21
+ ```bash
22
+ cd nvd-lookup
23
+ bun install
24
+ ```
25
+
26
+ ## Configuration
27
+
28
+ ### Optional: NVD API Key
29
+
30
+ While the NVD API is publicly accessible without authentication, registering for a free API key significantly increases rate limits:
31
+
32
+ - **Without API Key**: 5 requests per 30 seconds
33
+ - **With API Key**: 50 requests per 30 seconds
34
+
35
+ Register at: https://nvd.nist.gov/developers/request-an-api-key
36
+
37
+ Set your API key:
38
+ ```bash
39
+ export NVD_API_KEY="your-api-key-here"
40
+ ```
41
+
42
+ ## Usage
43
+
44
+ ### Start the Server
45
+
46
+ ```bash
47
+ bun start
48
+ ```
49
+
50
+ ### Available Tools
51
+
52
+ #### 1. nvd_cve_detail
53
+
54
+ Get comprehensive details for a specific CVE.
55
+
56
+ **Parameters:**
57
+ - `cve_id` (string, required): CVE identifier (e.g., "CVE-2021-44228")
58
+
59
+ **Example:**
60
+ ```json
61
+ {
62
+ "cve_id": "CVE-2021-44228"
63
+ }
64
+ ```
65
+
66
+ **Returns:**
67
+ - Full CVE description
68
+ - CVSS v3.1 and v4.0 scores (when available)
69
+ - CWE weakness classifications
70
+ - Reference URLs with tags
71
+ - CPE match configurations (affected products)
72
+ - Publication and modification timestamps
73
+ - Vulnerability status
74
+
75
+ #### 2. nvd_cve_search
76
+
77
+ Search for CVEs using keywords and filters.
78
+
79
+ **Parameters:**
80
+ - `keyword` (string, required): Search term (max 256 chars)
81
+ - `severity` (enum, optional): CVSS v3 severity level (LOW, MEDIUM, HIGH, CRITICAL)
82
+ - `date_range` (object, optional): Publication date filter
83
+ - `start` (string): ISO 8601 start date
84
+ - `end` (string): ISO 8601 end date
85
+ - `has_kev` (boolean, optional): Filter for CISA KEV catalog entries
86
+ - `limit` (number, optional): Results to return (1-100, default: 20)
87
+
88
+ **Example:**
89
+ ```json
90
+ {
91
+ "keyword": "log4j",
92
+ "severity": "CRITICAL",
93
+ "has_kev": true,
94
+ "limit": 10
95
+ }
96
+ ```
97
+
98
+ **Returns:**
99
+ - Total result count
100
+ - CVE list with descriptions, scores, severity, publication dates, and KEV status
101
+
102
+ #### 3. nvd_cpe_search
103
+
104
+ Search the CPE dictionary for product identifiers.
105
+
106
+ **Parameters:**
107
+ - `keyword` (string, required): Search term for products/vendors
108
+ - `match_string` (string, optional): CPE match string for filtering
109
+ - `limit` (number, optional): Results to return (1-100, default: 20)
110
+
111
+ **Example:**
112
+ ```json
113
+ {
114
+ "keyword": "apache",
115
+ "limit": 20
116
+ }
117
+ ```
118
+
119
+ **Returns:**
120
+ - Total CPE count
121
+ - CPE list with names, titles, deprecation status, and modification dates
122
+
123
+ #### 4. nvd_cve_by_cpe
124
+
125
+ Find all CVEs affecting a specific product version.
126
+
127
+ **Parameters:**
128
+ - `cpe_name` (string, required): CPE 2.3 URI (e.g., "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*")
129
+ - `is_vulnerable` (boolean, optional): Only return CVEs where CPE is vulnerable (default: true)
130
+ - `limit` (number, optional): Results to return (1-100, default: 20)
131
+
132
+ **Example:**
133
+ ```json
134
+ {
135
+ "cpe_name": "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*",
136
+ "is_vulnerable": true
137
+ }
138
+ ```
139
+
140
+ **Returns:**
141
+ - CPE name queried
142
+ - Total vulnerability count
143
+ - CVE list with descriptions, scores, severity, CWE classifications
144
+
145
+ #### 5. nvd_cve_changes
146
+
147
+ Track CVE modifications and status updates.
148
+
149
+ **Parameters:**
150
+ - `date_range` (object, required): Change date filter
151
+ - `start` (string): ISO 8601 start date
152
+ - `end` (string): ISO 8601 end date
153
+ - `event_name` (enum, optional): Change event type to filter
154
+ - Options: Initial Analysis, Reanalysis, Modified, CVE Modified, CVE Translated, Vendor Comment, CVE Source Update, CPE Deprecation Remap, CWE Remap, CVE Rejected, CVE Unrejected
155
+ - `limit` (number, optional): Results to return (1-100, default: 20)
156
+
157
+ **Example:**
158
+ ```json
159
+ {
160
+ "date_range": {
161
+ "start": "2024-01-01T00:00:00.000",
162
+ "end": "2024-01-31T23:59:59.999"
163
+ },
164
+ "event_name": "CVE Modified"
165
+ }
166
+ ```
167
+
168
+ **Returns:**
169
+ - Total change count
170
+ - Change events with CVE IDs, event types, timestamps, and modification details
171
+
172
+ #### 6. nvd_cve_statistics
173
+
174
+ Get aggregated vulnerability statistics.
175
+
176
+ **Parameters:**
177
+ - `keyword` (string, optional): Filter statistics by keyword
178
+ - `cpe_name` (string, optional): Filter statistics by product CPE
179
+ - `severity` (enum, optional): Filter by severity level
180
+
181
+ **Example:**
182
+ ```json
183
+ {
184
+ "keyword": "linux kernel"
185
+ }
186
+ ```
187
+
188
+ **Returns:**
189
+ - Total CVE count
190
+ - Distribution by severity (LOW, MEDIUM, HIGH, CRITICAL)
191
+ - Distribution by publication year
192
+ - Average CVSS score
193
+ - CVEs published in last 30 days
194
+
195
+ #### 7. nvd_cwe_lookup
196
+
197
+ Look up CWE weakness details and related CVEs.
198
+
199
+ **Parameters:**
200
+ - `cwe_id` (string, required): CWE identifier (e.g., "CWE-79")
201
+
202
+ **Example:**
203
+ ```json
204
+ {
205
+ "cwe_id": "CWE-79"
206
+ }
207
+ ```
208
+
209
+ **Returns:**
210
+ - CWE description (for top 25 CWEs)
211
+ - Total related CVE count
212
+ - Sample CVEs exhibiting this weakness
213
+
214
+ ## Architecture
215
+
216
+ This is an **API integration tool** that communicates directly with the NVD REST API using fetch(). It does not wrap CLI commands.
217
+
218
+ ```
219
+ nvd-lookup/
220
+ ├── package.json # Dependencies and build config
221
+ ├── tsconfig.json # TypeScript configuration
222
+ ├── README.md # This file
223
+ └── src/
224
+ ├── index.ts # MCP server initialization
225
+ ├── schemas.ts # Zod validation schemas
226
+ ├── security.ts # Input validation and rate limiting
227
+ └── tools/
228
+ ├── nvd-cve-detail.ts # CVE detail lookup
229
+ ├── nvd-cve-search.ts # CVE keyword search
230
+ ├── nvd-cpe-search.ts # CPE dictionary search
231
+ ├── nvd-cve-by-cpe.ts # Product vulnerability lookup
232
+ ├── nvd-cve-changes.ts # CVE change tracking
233
+ ├── nvd-cve-statistics.ts # Aggregate statistics
234
+ └── nvd-cwe-lookup.ts # CWE weakness lookup
235
+ ```
236
+
237
+ ## Security
238
+
239
+ All inputs are validated against strict patterns:
240
+
241
+ - **CVE IDs**: Must match `CVE-YYYY-NNNN` format
242
+ - **CPE URIs**: Must be valid CPE 2.3 format
243
+ - **CWE IDs**: Must match `CWE-NNN` format
244
+ - **Keywords**: Alphanumeric with limited special chars, max 256 characters
245
+ - **Rate Limiting**: Automatic throttling to respect NVD API limits
246
+
247
+ ## Data Sources
248
+
249
+ - **Primary**: NIST NVD REST API v2.0
250
+ - **Schemas**: Official NVD JSON schema
251
+ - **CWE Descriptions**: 2023 CWE Top 25 Most Dangerous Software Weaknesses
252
+
253
+ ## Common Use Cases
254
+
255
+ ### Security Research
256
+ - Investigate vulnerability details for threat modeling
257
+ - Track CVE lifecycle and metadata changes
258
+ - Map vulnerabilities to weakness patterns
259
+
260
+ ### Product Security
261
+ - Enumerate all CVEs affecting specific software versions
262
+ - Monitor new vulnerabilities for products in your stack
263
+ - Assess severity distribution across your attack surface
264
+
265
+ ### Vulnerability Management
266
+ - Search CISA KEV catalog for actively exploited vulnerabilities
267
+ - Generate metrics for security dashboards
268
+ - Correlate CWE patterns with vulnerability trends
269
+
270
+ ## Limitations
271
+
272
+ - Rate limits apply (5/30s without key, 50/30s with key)
273
+ - Results are limited to 100 per query (NVD API constraint)
274
+ - Historical data availability depends on NVD database completeness
275
+ - CVSS v4.0 scores may not be available for older CVEs
276
+
277
+ ## Development
278
+
279
+ Build for production:
280
+ ```bash
281
+ bun run build
282
+ ```
283
+
284
+ The compiled output will be in `dist/index.js`.
285
+
286
+ ## License
287
+
288
+ MIT
289
+
290
+ ## Resources
291
+
292
+ - [NVD API Documentation](https://nvd.nist.gov/developers)
293
+ - [CVE Numbering Authority](https://www.cve.org/)
294
+ - [Common Platform Enumeration](https://nvd.nist.gov/products/cpe)
295
+ - [Common Weakness Enumeration](https://cwe.mitre.org/)
296
+ - [CISA Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
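
Review bot: In the Security section, the documented patterns `CVE-YYYY-NNNN` and `CWE-NNN` are narrower than the README's own examples: `CVE-2021-44228` has a five-digit sequence number and `CWE-79` has only two digits, so a reader cannot tell whether the validator accepts them. State the real rule, for example "CVE-YYYY- followed by four or more digits" and "CWE- followed by one or more digits", and confirm the checks in `security.ts` agree with it. Separately, the Installation and Architecture sections describe a source checkout (`cd nvd-lookup`, `src/`, `tsconfig.json`), while this release lists only `README.md`, `dist/index.js` and `package.json`; either add instructions for running the published package or note that those sections apply to the repository. The Limitations line that calls the 100-result cap an "NVD API constraint" also deserves a check, since what the README actually documents is the tool's own `limit` parameter range of 1-100.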