infai-tech/vulnfeed-mcp

by Various

Dependency vulnerability monitoring MCP server — knows your lockfile, prioritizes by EPSS, recommends fix versions.

Added 8 June 2026

#claude-code #dependency-scanning #epss #mcp-server #micropayments #python #security #vulnerability-scanner

Overview

Vulnfeed MCP is a server that monitors dependency vulnerabilities by reading your lockfile. It prioritizes threats using EPSS scores and suggests fix versions. It integrates with MCP-compatible tools to surface actionable security data.

Best for
Developers who want automated, prioritized vulnerability alerts in their MCP workflow.

Use cases

  • Scan lockfiles for known vulnerabilities during CI/CD
  • Prioritize dependency fixes by EPSS exploit likelihood
  • Get recommended upgrade versions for vulnerable packages

Notes

0 stars on GitHub. Last updated 2026-05-28. Licensed MIT.

Pros

  • Uses EPSS scoring to focus on the vulnerabilities most likely to be exploited
  • Directly suggests fix versions, reducing manual research
  • Lightweight Python server that works with MCP clients

Cons

  • No stars or community traction yet, maturity unclear
  • Requires MCP-compatible tooling to be useful
  • Limited to lockfile-based scanning, no runtime monitoring

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.