CVE & exposure intelligence, inside your AI tools
The EchelonGraph MCP server puts our real-time CVE feed — NVD + MITRE-CNA pre-NVD + CISA-KEV + EPSS + GitHub GHSA, fused into one score — and the one thing no other CVE source has, the live internet-exposure footprint of a CVE, directly into Claude, Cursor, Cline, or any MCP client. Free, no API key.
Install (60 seconds)
It runs via npx — no global install. Add it to your client’s MCP config, then restart.
Claude Desktop · Cursor · Cline · Windsurf
{
"mcpServers": {
"echelongraph": {
"command": "npx",
"args": ["-y", "echelongraph-mcp"]
}
}
}(Claude Desktop: claude_desktop_config.json · Cursor: ~/.cursor/mcp.json — same block.)
Then ask your assistant: “Is CVE-2023-44487 actively exploited, and how exposed is the internet to it right now?”
Tools
cve_summaryLive counts of active CVEs by severity + feed freshness.
search_cvesSearch/filter CVEs (severity, min CVSS, text, sort) with EchelonGraph scores.
get_cveFull detail for one CVE — CVSS v3/v4, EG score, EPSS, KEV + ransomware, GHSA, CWE, references.
cve_exposureUniqueThe live internet-exposure footprint of a CVE — how many exposed hosts run an affected version right now.
exposure_radarLive totals across the exposure radars — shadow AI, KEV-exploited hosts, open databases, leaked creds.
Why it's different
Most CVE sources tell you that a vulnerability exists. EchelonGraph also runs a passive internet-exposure radar — so cve_exposure tells your AI assistant how much of the internet is exposed to a CVE right now, with a country and product breakdown. No other CVE feed can answer that, because no other CVE feed runs the radar too. It’s all aggregate and host-redacted, served under our free public API.
Open source · MIT · Public API docs · KEV-Exposure radar