MCP server exposing 7 tools for mitre-cwe.
This URL is a JSON-RPC 2.0 endpoint over HTTP. Issue POST requests with a JSON-RPC body. Browsers and search crawlers land here on GET.
POST https://gateway.pipeworx.io/mitre-cwe/mcp
Content-Type: application/json
{"jsonrpc":"2.0","id":1,"method":"tools/list"}
weakness — "What is CWE-[N]" / "look up CWE [name]" / "details on [weakness]" / "explain XSS / SQL injection / buffer overflow" / "what kind of security flaw is [X]" — fetch a single MITRE CWE (Common Weakness Enumeration) record with description, examples, mitigations, related attacks, references. Use for security analysis, vulnerability triage, threat-modeling, secure-coding training. Example IDs: 79 (XSS), 89 (SQL injection), 787 (out-of-bounds write).category — "What CWEs fall under [category]" / "list weaknesses in the [X] family" / "memory safety weaknesses" / "input validation weaknesses" — fetch a CWE category record (a thematic grouping of related CWEs like "Memory Safety", "Input Validation", "Cryptographic Issues"). Returns the category description plus member CWE IDs.view — "Top 25 most dangerous software weaknesses" / "OWASP Top 10 CWE mapping" / "CWE view [N]" — fetch a curated CWE view (a published, opinionated selection of weaknesses). View 1003 = simplified mapping (NVD uses this), view 1387 = Top 25, view 1344 = OWASP Top 10. Returns the view's metadata plus the included CWE IDs.children — "CWEs derived from / under [N]" / "child weaknesses of [CWE]" / "more specific variants of [X]" — list immediate children of a CWE in the relationship tree. CWE is hierarchical; e.g. children of CWE-119 (memory bounds) include CWE-787 (out-of-bounds write) and CWE-125 (out-of-bounds read).parents — "What's the parent CWE of [N]" / "broader weakness category for [X]" / "where does [CWE] sit in the taxonomy" — list immediate parents of a CWE in the relationship tree. Use to walk up to a more general weakness class.descendants — "All weaknesses derived from [CWE]" / "full subtree below [N]" / "every variant of [X]" — full transitive descendants (children, grandchildren, …) of a CWE. Use for exhaustive coverage analysis — e.g. "every memory-safety weakness" via descendants of CWE-664/119.relationship — "How is [CWE-A] related to [CWE-B]" / "relationship between two weaknesses" — fetch the directional relationship (parent/child/peer/precedes/can-precede) between two specific CWE IDs. Specialty tool; most queries are better served by children / parents / descendants.Code samples (curl / TypeScript / one-click client install), schemas, and the live playground are on the pack page:
https://pipeworx.io/packs/mitre-cwe/
Pipeworx is an open MCP gateway connecting AI agents to live data. pipeworx.io