One of the most common questions we get is: "What exactly does FixTheCVE monitor?" Here's a complete breakdown of our coverage across operating systems, packages, and vulnerability databases.
Operating Systems Supported
Linux Distributions
- Ubuntu (18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, and newer)
- Debian (10 Buster, 11 Bullseye, 12 Bookworm)
- RHEL (7, 8, 9)
- Rocky Linux (8, 9)
- AlmaLinux (8, 9)
- CentOS (7, Stream 8, Stream 9)
- Fedora (38+)
- SUSE/openSUSE (15+)
Windows
- Windows Server 2016, 2019, 2022
- Windows 10, 11 (for workstation monitoring)
- KB patch tracking with Microsoft MSRC integration
What Gets Scanned
Linux Package Managers
Our scanner reads your installed packages from:
- dpkg (Debian/Ubuntu): Reads /var/lib/dpkg/status
- rpm (RHEL/Rocky/Alma): Queries the RPM database
This captures everything installed through your package manager: system libraries, services, kernels, development tools, and more.
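One way to read the dpkg database described above, as an added example that is not FixTheCVE's own code: it parses the stanza format of /var/lib/dpkg/status, keeps only packages whose state is "installed" (removed-but-not-purged packages stay in the file and would otherwise cause false positives), and records the source package name, on the assumption that distro tracker lookups are keyed on it. The sample stanzas, version strings and function names are constructed for illustration.

```python
# Added example: build an installed-package inventory from dpkg's status file.
SAMPLE_STATUS = """\
Package: openssl
Status: install ok installed
Architecture: amd64
Version: 3.0.2-0ubuntu1.15
Description: Secure Sockets Layer toolkit
 Continuation lines start with a space and belong to the previous field.

Package: libssl3
Status: install ok installed
Source: openssl
Version: 3.0.2-0ubuntu1.15

Package: oldtool
Status: deinstall ok config-files
Version: 1.0-1
"""  # constructed sample, not taken from a real host

def parse_stanzas(text):
    """Yield one dict of fields per blank-line-separated stanza."""
    for block in text.split("\n\n"):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                fields[key] += "\n" + line.strip()   # folded continuation line
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if fields:
            yield fields

def installed_packages(text):
    """Return (binary package, version, source package) for installed packages."""
    inventory = []
    for f in parse_stanzas(text):
        # Status is "<want> <error> <state>"; only state "installed" has files on disk.
        if "Package" not in f or f.get("Status", "").split()[-1:] != ["installed"]:
            continue
        # Source may read "name (version)"; it defaults to the binary package name.
        source = f.get("Source", f["Package"]).split(" ", 1)[0]
        inventory.append((f["Package"], f.get("Version", ""), source))
    return inventory

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_STATUS
    for row in installed_packages(text):
        print(*row)
```

Run it with /var/lib/dpkg/status as the argument on a Debian or Ubuntu host to list the real inventory; with no argument it uses the embedded sample.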
Windows Updates
On Windows, we check:
- Installed Windows KB updates
- Missing cumulative updates
- The current OS build number against known vulnerable builds
Vulnerability Intelligence Sources
We cross-reference multiple authoritative sources:
| Source | What It Provides | Update Frequency |
|---|---|---|
| NVD (NIST) | CVE details, CVSS scores, affected products | Hourly |
| EPSS (FIRST.org) | Exploit probability scores (0-100%) | Daily |
| CISA KEV | Confirmed actively-exploited CVEs | Daily |
| Microsoft MSRC | Windows KB patch mappings | Every 6 hours |
| Distro Security Trackers | Backport patch status (Ubuntu, Debian, RHEL) | Every 3 hours |
The CVE Detail Page
For every CVE in our database, you get:
- CVSS v3 score and vector with visual breakdown
- EPSS exploit probability
- CISA KEV status
- CWE weakness type
- AI-generated analysis:
  - Plain-English summary
  - Risk assessment (worst case, likely case, mitigated case)
  - Affected systems and configurations
  - Official fix instructions with commands
  - Workarounds if you can't patch immediately
  - Verification steps (how to check if you're vulnerable/fixed)
  - Detection indicators (log entries, network signatures)
- Affected products with version ranges
- Vendor references and advisory links
Browsing and Search
Even without scanning, you can use FixTheCVE as a CVE database:
- Browse all CVEs with filtering by severity, date, and CWE type
- Critical CVEs dashboard for the most severe vulnerabilities
- Trending CVEs that are getting the most attention
- CISA KEV list of actively-exploited vulnerabilities
- Most Exploitable ranked by EPSS score
- Vendor pages to see CVEs by software vendor
- Vendor Scorecards comparing security track records
- Search by CVE ID, product name, vendor, or keyword
API Access
For automation and integration, we offer an API that provides:
- CVE lookup by ID
- Search endpoints
- Recent CVEs feed
- Statistics and trends data
Sign up free to start monitoring your systems, or browse our CVE database to see the depth of coverage for yourself.