CVE Lookup| Slug | cve-lookup |
| Category | Vulnerability Intelligence |
| Maturity | Beta |
| Auth Type | None (public API) |
Summary
Read-only MCP integration with the CVE-Search API hosted by CIRCL. Lets a Prospector Studio agent answer vulnerability-research questions: enumerate vendors and products, list known CVEs for a given product, and pull full CVE detail with CAPEC / CWE / CPE expansions.
Capabilities
- Browse the CVE-Search vendor and product catalog.
- List CVEs affecting a specific vendor + product pair.
- Fetch a single CVE record by ID.
- Pull the most recent N CVEs added to the database.
- Inspect CVE-Search database freshness and update timestamps.
Required Headers
CVE-Search is public. No authentication headers required.
Allowed Hosts
cve.circl.lu
Tools
| Tool | Action | Purpose |
|---|---|---|
get_vendors |
read | List all vendors in the CVE-Search database. |
get_vendor_products |
read | List products for a vendor. |
get_product_cves |
read | List CVEs for a vendor + product. |
get_cve |
read | Full record for a specific CVE ID. |
get_last_cves |
read | Most recent N CVEs (with CAPEC, CWE, CPE expansions). |
get_db_info |
read | Database freshness and update timestamps. |
Invocation Example
{
"name": "get_cve",
"arguments": {
"cve_id": "CVE-2024-3094"
}
}
Operational Notes
- Hosted by CIRCL. CVE-Search is a community-operated mirror; treat its content as authoritative for CVE metadata but check
get_db_infoif an agent needs to know how fresh the data is for newly published CVEs. - Public, rate-limited. Be conservative with
get_vendors/get_vendor_productsfan-out; the vendor list is large. - Reference docs. CVE-Search API.