@weiseer/cve-cache-mcp
Recent CVE + GHSA cache as a stdio MCP server.
Probe P-005 by weiseer.
What it does
Cached, structured snapshot of recent CVE + GitHub Security Advisory records — for AI agents auditing dependencies or screening new packages.
Your agent can:
lookup_cve— full record for one CVE/GHSA IDfind_for_package— all CVEs affecting a package by ecosystem (npm/PyPI/Cargo/Maven/Go)list_recent_critical— recent high-severity CVEs (default: 7-day, CVSS ≥ 7)severity_summary— counts by severity bucket
Why use this instead of your agent querying NVD itself
| Agent DIY | cve-cache | |
|---|---|---|
| Source query | NVD JSON feeds + GHSA GraphQL | 1 MCP call |
| Token cost (NVD records are large) | $0.05-0.20 | $0 free / $0.00005 paid |
| Latency | 2-10 seconds | <100ms |
| Cross-ecosystem normalization | Per-source schema | Pre-normalized |
Install
npm install -g @weiseer/cve-cache-mcp
Use with Claude Desktop / Cursor / Cline / Continue / Windsurf
{
"mcpServers": {
"cve-cache": {
"command": "npx",
"args": ["-y", "@weiseer/cve-cache-mcp"]
}
}
}
License
Apache-2.0. Catalog data: derived from public CVE/NVD/GHSA feeds (CC0/public domain).