vuln-intel

An MCP server that gives an AI agent source-grounded vulnerability intelligence for authorized security research and bug-bounty triage. It fuses NVD, CISA KEV, FIRST EPSS, OSV/GHSA and CISA Vulnrichment (SSVC) into ranked, exploitation-first answers, and fact-checks the CVEs an agent might hallucinate. The server lays out the facts; your agent does the reasoning. Refreshed daily.

What it does

• Source-grounded. Every answer traces back to NVD, CISA KEV, FIRST EPSS or OSV/GHSA, with provenance you can cite.
• Exploitation-first ranking. KEV exploitation, EPSS probability and live public-PoC signal collapse into one P1 to P4 priority.
• By mechanism, across products. Semantic search finds mechanism-siblings that keyword search structurally misses.
• Fact-checks claims. Verify a CVE assertion (exists? right version? right severity? actually exploited?) and get per-assertion verdicts with evidence.
• Honest about gaps. A product it cannot resolve returns resolved: false, never a silent zero that reads as "not affected."

The nine tools

• check_technology maps a product or stack to ranked CVEs, de-duped across NVD CPE and OSV.
• hunt_plan turns a recon'd stack into a ranked dig-order with recurring bug-class loci.
• enrich_cve gives one CVE in full: CVSS, KEV, EPSS, SSVC, affected versions, live PoC.
• verify_cve_claim fact-checks a CVE assertion and returns per-assertion supported / refuted / unverifiable verdicts with evidence.
• find_recent_high_risk lists recent KEV and high-EPSS CVEs, optionally per product.
• find_similar_vulns runs semantic, by-mechanism search from a concept or a seed CVE.
• search_vulns runs full-text and CWE search across CVE and advisory summaries.
• search_public_code finds where an exact code string appears across public repositories.
• corpus_stats reports corpus size and data freshness.

Full reference, every argument and response field, is in TOOLS.md.

Connect

It is a Streamable-HTTP MCP server with bearer auth. For a generic MCP client:

{
  "mcpServers": {
    "vuln-intel": {
      "url": "https://mcp.rozetyp.com/mcp",
      "headers": { "Authorization": "Bearer YOUR_KEY" }
    }
  }
}

Or with the Claude CLI:

claude mcp add --transport http vuln-intel \
  https://mcp.rozetyp.com/mcp \
  --header "Authorization: Bearer YOUR_KEY"

Get a key

It is free. Get a key → Enter your email and your personal key is emailed over.

Field notes

• Vulnerability prioritization
• Predicting exploitation
• LLM bug-hunting experiments

For authorized, defensive security research only. Not for exploitation.