
Ask HN: Open-source vulnerability monitoring tool - clawoo
Hello!<p>I run my own server with most of the stuff I need, such as email, hosting, etc. and I am always worried in the back of my mind that some software that I use might be severely out of date or there&#x27;s a new exploit I should be aware of.<p>So far I&#x27;ve set up a few applets on IFTTT to monitor the cvedetails.com RSS feed for my specific software (nginx, wordpress, mariadb, roundcube, postfix, dovecot, etc), but it seems that setup is not as solid as I believed it to be because some CVEs are not published in the feed although they are pretty important. For example, CVE-2020-15562 - XSS via HTML messages in Roundcube (https:&#x2F;&#x2F;nvd.nist.gov&#x2F;vuln&#x2F;detail&#x2F;CVE-2020-15562) does not show up in the list of exploits: https:&#x2F;&#x2F;www.cvedetails.com&#x2F;vulnerability-list&#x2F;vendor_id-8905&#x2F;Roundcube.html<p>Is there such a tool that would automatically monitor for vulnerabilities for a given list of software? Ideally the tool would be open source.<p>Thanks!
======
Ahmd72
I would suggest you to look at
[https://www.openvas.org/](https://www.openvas.org/) which you can say is the
open source version of Nessus.

------
ecesena
Snyk is not open but has a free tier.

