Summary
A cached CVE and GitHub Security Advisory feed that lets your agent check vulnerabilities without hitting NVD or GHSA APIs directly. Exposes four tools: lookup_cve for individual records, find_for_package to scan npm/PyPI/Cargo/Maven/Go dependencies, list_recent_critical for high-severity issues from the past week, and severity_summary for counts by bucket. The pitch is speed and cost: sub-100ms lookups instead of multi-second API calls, and you avoid the token overhead of parsing verbose NVD JSON. Normalized across ecosystems so you get consistent schema whether you're auditing a Python or Rust project. Install globally via npm, wire it into Claude Desktop or any MCP client with npx, and you're querying the cache locally.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
@weiseer/cve-cache-mcp
Recent CVE + GHSA cache as a stdio MCP server.
Probe P-005 by weiseer.
What it does
Cached, structured snapshot of recent CVE + GitHub Security Advisory records — for AI agents auditing dependencies or screening new packages.
Your agent can:
lookup_cve— full record for one CVE/GHSA IDfind_for_package— all CVEs affecting a package by ecosystem (npm/PyPI/Cargo/Maven/Go)list_recent_critical— recent high-severity CVEs (default: 7-day, CVSS ≥ 7)severity_summary— counts by severity bucket
Why use this instead of your agent querying NVD itself
| Agent DIY | cve-cache | |
|---|---|---|
| Source query | NVD JSON feeds + GHSA GraphQL | 1 MCP call |
| Token cost (NVD records are large) | $0.05-0.20 | $0 free / $0.00005 paid |
| Latency | 2-10 seconds | <100ms |
| Cross-ecosystem normalization | Per-source schema | Pre-normalized |
Install
npm install -g @weiseer/cve-cache-mcp
Use with Claude Desktop / Cursor / Cline / Continue / Windsurf
{
"mcpServers": {
"cve-cache": {
"command": "npx",
"args": ["-y", "@weiseer/cve-cache-mcp"]
}
}
}
License
Apache-2.0. Catalog data: derived from public CVE/NVD/GHSA feeds (CC0/public domain).
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
CVE_CACHE_URLOverride remote snapshot URL
CVE_CACHE_LOCAL_ONLYSkip remote fetch
Categories
Registryactive
Package@weiseer/cve-cache-mcp
TransportSTDIO
UpdatedMay 30, 2026
