VulnMCP is an MCP server built with FastMCP that provides AI clients, chat agents, and other automated systems with tools for vulnerability management. It offers modular "skills" that can be easily extended or integrated, enabling intelligent analysis and automated insights on software vulnerabilities.

A new component in the galaxy of tooling of vulnerability-lookup.

Thanks to @cedric who is becoming an orchestrator for many AI tools nowadays.

#cve #gcve #vulnerability #vulnerabilitymanagement #opensource #ai #mcp #vulnerabilitylookup

🔗 https://github.com/vulnerability-lookup/VulnMCP

GitHub - vulnerability-lookup/VulnMCP: A modular MCP providing AI-driven vulnerability management skills, including severity classification and automated insights.

@adulau Thanks a lot! 😊
Slowly building an orchestra… just hoping it doesn’t turn into free jazz at some point 🎶😄
@cedric Electronic jazz or experimental jazz is totally fine. Free jazz is indeed out of scope.

@adulau @cedric while you're at it with severity and CWE classification, did you ever consider CPE too? Like: "CPE guesser, but AI based".

A trick would be to AI-guess-timate the CPE for a vuln, *but* the CPE would need to be an existing one in the NVD (apart from the version, that is).

(And I don't see anything wrong with Free Jazz)

@jbm Good idea. Let's ask our friends to make an integration with the existing public API of cpe-guesser.

@cedric

@jbm @cedric

https://github.com/vulnerability-lookup/VulnMCP/pull/1

By the way, we use this repo as an experiment. Contributions must be AI-generated only and we just do a review.

Add cpe-guesser API support as a new MCP tool by adulau · Pull Request #1 · vulnerability-lookup/VulnMCP

Motivation: Provide an MCP tool to infer likely CPE identifiers from product keywords by integrating the existing cpe-guesser service. Keep consistency with existing vulnerability lookup tooling by...


@adulau @jbm

New feature from Codex for the CPE guessing. Works like a charm!