Hey HN, founder here. Spent years in security & software engineering. Built Emphere because every engineer I know does the same thing when a CVE lands: checks NVD, reads the changelog, searches GitHub issues, asks in Slack if anyone tried the upgrade, then makes a judgment call. Two hours. Every time. For one CVE.

We built an MCP server that gives your AI assistant (Claude Code, Cursor, Windsurf, Codex) actual remediation intelligence instead of reworded NVD entries.

What it does: - Exploitability verdicts from 20+ sources (NVD, OSV, CISA KEV, EPSS, GitHub, deps.dev) - Breaking change analysis before you patch - Patch stability tracking (we call it regret index — are people rolling this back?) - OS-aware, version-aware fix commands - Batch triage up to 20 CVEs at once

One config line. No API key. Community edition.

Best part, it works across OS, kernel, package, and even hardware-related Vulns.

Try it on a CVE you're dealing with right now. Feedback welcome, especially via the MCP. It gets validated and feeds back into the community KB.