Know when your dependencies are vulnerable.

An MCP server that reads your lockfile, checks NVD + GitHub Advisories, and tells you what actually matters — prioritized by real-world exploit probability, with exact fix versions.

$14/mo flat — not per-seat, not per-repo.

Get VulnFeed See the setup

> Scan my project for vulnerabilities

Using: scan_project(".")

Scanning package-lock.json... 847 packages

GHSA-29mw-wpgm-hmr9 in express@4.17.1

Severity: HIGH | EPSS: 73.2% (HIGH) | Fix: upgrade to 4.21.0

Open redirect via malicious URL in res.location()

CVE-2024-29041 in express@4.17.1

Severity: MODERATE | EPSS: 0.8% (low) | Fix: upgrade to 4.19.2

3 affected packages, 12 vulnerabilities total

Top priority: express — the GHSA-29mw vuln has 73% exploit probability

Why not just ask Claude to check?

It knows your deps

Reads your package-lock.json, requirements.txt, or go.sum and filters to only the CVEs that hit your actual dependency tree. No noise from packages you don't use.

EPSS prioritization

Most CVEs are noise. EPSS (Exploit Prediction Scoring System) scores each one by real-world exploitability. VulnFeed surfaces the ones likely to be used in real attacks.

Fix recommendations

Not just "you're vulnerable" but upgrade express 4.17.1 → 4.21.0. Cross-references npm, PyPI, and Go registries for the exact version that fixes the issue.

Continuous monitoring

Register your project once. Check back any time for new vulnerabilities. New CVE published at 3am? It's in the index by 3:15am for your morning session.

9 tools, one install

Scan a lockfile, check a package, look up a CVE, monitor a project, check alerts, update deps, list projects. Everything a security workflow needs.

Zero upstream cost

Data sources are NVD, GitHub Advisory DB, and EPSS — all free, public APIs. No vendor lock-in, no data broker middlemen. Your $14 pays for the intelligence layer, not data access.

How it compares

	Free MCP servers	Snyk / Socket	VulnFeed
CVE lookup	✓	✓	✓
Knows your deps	—	✓	✓
EPSS prioritization	—	✓	✓
Fix recommendations	—	✓	✓
Continuous monitoring	—	✓	✓
MCP-native	✓	—	✓
Price	Free	$25-49/dev/mo	$14/mo flat

Setup in 2 minutes

Install the MCP Python SDK:
```
pip install mcp
```

Add to your Claude Code settings (~/.claude/settings.json):

{
  "mcpServers": {
    "vulnfeed": {
      "type": "stdio",
      "command": "python3",
      "args": ["/path/to/vulnfeed/server.py"],
      "env": {
        "VULNFEED_WORKER_URL": "https://...",
        "VULNFEED_API_KEY": "your-license-key"
      }
    }
  }
}

Restart Claude Code. Ask it to scan my project for vulnerabilities.

Start monitoring your dependencies.

Get VulnFeed — $14/mo