GhostFree

GhostFree is a local Model Context Protocol (MCP) server designed to scan your code repository’s dependencies for security vulnerabilities based on published CVEs. Integrating directly with AI coding assistants (such as Claude, Cursor, and any MCP-compatible client), it discovers dependency manifests, queries OSV.dev for known vulnerabilities, enriches results using NVD and CISA KEV, and supports risk triage/remediation workflows including risk acceptance and expiring risk management. It is a powerful tool for engineering teams and DevSecOps who want automated, in-context dependency vulnerability management alongside their code in editors and AI tools.