Live CVE monitoring — updated every 12 hours

Automated Compliance Monitoring.
Never Miss a Vulnerability.

Register your tech stack once. PatchComply continuously monitors the NVD database, scores your compliance, and flags critical threats — automatically.

No credit card. Free tier forever. Takes 30 seconds.

patchcomply — compliance scan
$ patchcomply scan --stack nginx,python,django,postgresql

→ Fetching CVE database...
→ Analyzing 4 stack components...

✔ Scan complete (0.8s)

COMPLIANCE SCORE: 73 / 100 (Grade B)

● CRITICAL 1 CVE-2024-8811 — nginx <1.27.3
● HIGH 2 CVE-2024-7592, CVE-2024-6923
● MEDIUM 4 django, postgresql
● LOW 3

⚠ ACTION REQUIRED: Patch nginx to 1.27.3 immediately
→ Full report: patchcomply.com/report/usr_xxxx
4,600+ ADA Lawsuits in 2024
€30M Max EU AI Act Fine

Everything you need to stay secure & compliant

PatchComply automates the tedious work of vulnerability tracking so your team can focus on building.

Automated CVE Scanning

Continuously pulls from the NIST NVD database, matching your exact tech stack against thousands of known CVEs. No manual lookups.

Compliance Scoring

Get a clear 0–100 compliance score with letter grade. Know exactly where you stand and track improvement over time.

Critical Alerts

Instantly flagged when CRITICAL or HIGH severity CVEs match your stack. Know before your customers find out.

Detailed Reports

Full JSON reports with CVE IDs, descriptions, CVSS scores, affected products, and actionable remediation guidance.

Scheduled Monitoring

Pro and Enterprise plans run automatic scans every 12–24 hours. Always know your current exposure without lifting a finger.

REST API Access

Enterprise tier includes full API access. Integrate compliance scores into your CI/CD pipeline, dashboards, or Slack alerts.

Up and running in 30 seconds

1. Register your stack

Tell us your tech stack — nginx, PostgreSQL, Python, Node.js, Docker, whatever you run. Free tier accepts 1 stack.

2. We scan automatically

PatchComply fetches the latest CVEs from NIST's NVD, matches them against your stack, and calculates your compliance score.

3. Get your report

Receive a detailed vulnerability report with severity ratings, CVSS scores, and prioritised remediation steps. Every 12 hours.

Crystal-clear vulnerability breakdown

Every scan produces a structured JSON report with severity classification, affected products, and actionable recommendations — perfect for dev teams and compliance auditors alike.

  • CVE-ID, description, CVSS score
  • Severity: CRITICAL / HIGH / MEDIUM / LOW
  • Affected product / component mapping
  • Prioritised remediation recommendations
  • Historical score trend (Pro+)

Compliance score: 73 (Grade B)
Last scanned 4 min ago
nginx · python · django · postgresql

  • CVE-2024-8811 nginx buffer overflow: Critical 9.8
  • CVE-2024-7592 Python hashlib timing attack: High 7.5
  • CVE-2024-6923 Django CSRF bypass: High 7.1
  • CVE-2024-4741 PostgreSQL privilege escalation: Medium 5.4

⚠️ IMMEDIATE ACTION: Patch nginx to 1.27.3 — active exploit in the wild.

Simple, transparent pricing

Start free. Upgrade when you need more stacks, daily scans, or API access.

ENTERPRISE: $49 per month

  • Unlimited tech stacks
  • Every 12h automated scan
  • Full REST API access
  • CI/CD integration webhook
  • Priority support (SLA 4h)
  • White-label PDF reports
  • Team seats (up to 10)

14-day free trial — no card required

FREE: $0 forever

  • 1 tech stack
  • Weekly automated scan
  • Basic compliance score
  • Latest report access
  • Email alerts
  • Report history
  • API access

No card. No expiry. No catch.

Common questions

Where does the CVE data come from?
PatchComply uses the NIST National Vulnerability Database (NVD) — the U.S. government's official CVE repository, updated continuously. We fetch and index the latest CVEs every 12 hours.

How does the compliance score work?
Your score starts at 100. Each CRITICAL CVE deducts 20 points, HIGH deducts 10, MEDIUM deducts 5, and LOW deducts 2. Score is floored at 0. The grade mirrors academic grading: A (90+), B (70+), C (50+), D (30+), F (below 30).

What tech stacks are supported?
Any named software component — nginx, Apache, Python, Django, Flask, Node.js, PHP, WordPress, MySQL, PostgreSQL, MongoDB, Redis, Docker, Kubernetes, OpenSSL, Java, Spring, and hundreds more. We match against both CVE descriptions and CPE product data.

How accurate is the vulnerability matching?
We match against NIST's CPE (Common Platform Enumeration) product identifiers and CVE description text. False positives are possible — we flag potential matches and recommend you verify each CVE against your specific version. Enterprise tier includes version-specific matching.

Does PatchComply store sensitive data?
We store your email, company name, and tech stack list. No source code, credentials, or infrastructure details ever leave your environment. Tech stack lists are plain text (e.g. "nginx, python").

Can I use the API in my CI/CD pipeline?
Yes — Enterprise tier includes full REST API access. POST /api/scan returns a scan ID, and GET /api/report/{id} returns full JSON results. Use it to gate deployments on compliance score thresholds.
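
The scoring rule and the deployment gate described in the FAQ, as an added example (not PatchComply's code). The finding record shape (`id`, `severity`), the function names and the default threshold of 70 are assumptions; the gate also blocks on CRITICAL findings because, under the stated deductions, a single CRITICAL still scores 80 (grade B).

```python
"""CI gate sketch built on the scoring rule quoted in the FAQ (added example)."""
from collections import Counter

# Deductions and grade bands exactly as stated in the FAQ answer.
DEDUCTION = {"CRITICAL": 20, "HIGH": 10, "MEDIUM": 5, "LOW": 2}
GRADES = [(90, "A"), (70, "B"), (50, "C"), (30, "D")]  # below 30 -> F


def score(findings):
    """Start at 100, subtract per finding, floor at 0."""
    counts = Counter(f["severity"] for f in findings)
    unknown = set(counts) - set(DEDUCTION)
    if unknown:
        # Fail closed: an unrecognised severity must not count as zero.
        raise ValueError(f"unknown severity: {sorted(unknown)}")
    return max(0, 100 - sum(DEDUCTION[s] * n for s, n in counts.items()))


def grade(value):
    return next((g for floor, g in GRADES if value >= floor), "F")


def gate(findings, min_score=70, block_on=("CRITICAL",)):
    """Return (allowed, score, grade, reasons) for a deployment decision."""
    value = score(findings)
    reasons = []
    if value < min_score:
        reasons.append(f"score {value} below threshold {min_score}")
    hits = [f["id"] for f in findings if f["severity"] in block_on]
    if hits:
        reasons.append("blocking severity present: " + ", ".join(hits))
    return (not reasons, value, grade(value), reasons)


def sample(critical=0, high=0, medium=0, low=0):
    """Constructed findings; the ids are placeholders, not real CVEs."""
    spec = [("CRITICAL", critical), ("HIGH", high), ("MEDIUM", medium), ("LOW", low)]
    return [{"id": f"CVE-EXAMPLE-{sev}-{i}", "severity": sev}
            for sev, n in spec for i in range(1, n + 1)]


if __name__ == "__main__":
    # (critical, high, medium, low) cases; 5 and 50 criticals both floor at 0.
    for counts in [(1, 0, 0, 0), (1, 2, 4, 3), (5, 0, 0, 0), (50, 0, 0, 0)]:
        print(counts, gate(sample(*counts)))
```

With the severity counts from the sample scan output (1 CRITICAL, 2 HIGH, 4 MEDIUM, 3 LOW), this rule gives 34 (grade D) rather than the 73 shown there. Because the score floors at 0, it also cannot distinguish 5 CRITICAL findings from 50, so a gate should keep the per-severity counts alongside the score.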