Frequently Asked Questions

Everything you need to know about FixTheCVE's automated vulnerability monitoring and security scanning.

🤖 Are you really agentless?

Yes! FixTheCVE is 100% agentless. Here's exactly how it works:

Unlike traditional security solutions that require installing persistent agents on your servers (which consume resources 24/7), FixTheCVE uses a completely different approach:

  • No Installation Required: You don't install any permanent software on your servers
  • Flexible Scanning Modes: Choose between one-time manual scans or automated scheduled scans (every 1-24 hours)
  • Zero Performance Impact: When you're not scanning, there's nothing running on your server
  • Optional Automation: Set up automatic scans with a simple cron job (optional, not required)
  • Complete Control: You decide when to scan - manually, scheduled hourly, or daily

How scanning works:

  1. You run our scanner script on your server (takes ~5 seconds)
  2. The script detects your OS and lists all installed packages
  3. It sends this package list to our API using your unique scan token
  4. Our cloud platform matches your packages against the CVE database
  5. You get instant results in your dashboard + email alerts for new vulnerabilities

That's it! No agents, no persistent connections, no resource consumption. Just simple, effective vulnerability monitoring.

🔄 How often do you update the CVE database?

Every 5 minutes! Our system continuously syncs with authoritative CVE sources to ensure you never miss a critical vulnerability.

Here's our update process:

  • NVD Integration: We sync with the National Vulnerability Database (NVD) every 5 minutes
  • Vendor Advisories: We monitor security advisories from major vendors like Red Hat, Ubuntu, Debian, and more
  • Community Sources: We aggregate information from security researchers and IT engineers worldwide
  • AI Analysis: Each CVE is automatically analyzed to generate actionable fix instructions
  • Instant Alerts: When a new CVE affects your servers, you're notified within minutes

What you get with each CVE:

  • ✓ CVSS severity score and detailed metrics
  • ✓ Plain-English explanation of the vulnerability
  • ✓ Affected package versions
  • ✓ OS-specific fix commands (Ubuntu, Debian, CentOS, RHEL, etc.)
  • ✓ Mitigation strategies if patches aren't available
  • ✓ References to official vendor advisories

We don't just copy CVE data - we enrich it with actionable intelligence so you can fix vulnerabilities fast.

💻 Which operating systems are supported?

We support all major Linux distributions:

  • 🟠 Ubuntu: All LTS and current versions
  • 🔴 Debian: Debian 9 and newer
  • 🔵 CentOS / RHEL: Version 7 and newer
  • 🟣 Fedora: All active releases
  • ⚪ Alpine Linux: Alpine 3.x
  • 🔵 Arch Linux: Rolling release
  • 🟢 openSUSE: Leap & Tumbleweed

Need support for another distribution? Contact us - we're always adding new platforms!

💰 How much does it cost?

FixTheCVE offers flexible plans for teams of all sizes:

  • Free Tier: Perfect for individuals and small projects. Monitor up to 3 servers with full CVE database access and email alerts.
  • Pro Plans: Advanced features including unlimited servers, API access, custom alert rules, and priority support.
  • Enterprise: Dedicated support, SLA guarantees, and custom integrations for large organizations.

The CVE database itself is completely free - browse and search all vulnerabilities without an account. You only need to sign up if you want automated monitoring and alerts for your servers.

🔒 Is my server data secure and private?

Absolutely. Privacy and security are our top priorities:

  • Minimal Data Collection: We only collect your server's package list (package names and versions)
  • No Source Code Access: Our scanner never reads your application code, configs, or data
  • No Secrets Collected: We don't access environment variables, credentials, or sensitive files
  • Encrypted Transmission: All data is sent over HTTPS with TLS encryption
  • You Control Sharing: Your server data is private by default - we never sell or share it
  • Open Scanner: Our scanner script is transparent - you can review exactly what it does

For complete details, read our Privacy Policy and Security Practices.

⚡ How does the scanning process work?

FixTheCVE offers two scanning modes to fit your workflow:

🔍 Scan Once (Manual Mode)

  • Run scans manually whenever you need them
  • Perfect for on-demand security checks
  • No automated processes on your server
  • Copy-paste a single command to scan instantly

🔄 Regular Scan (Automated Mode)

  • Automatic scanning every 1-24 hours (your choice)
  • One-time setup installs a simple cron job
  • Continuous monitoring without manual intervention
  • Respects rate limits (minimum 1 hour between scans)

Step 1: Choose Your Scan Mode

  • Sign up and add a server in your dashboard
  • Select "Scan Once" for manual scans or "Regular Scan" for automation
  • Get your unique scanner command with embedded scan token

Step 2: Run the Scanner

  • SSH into your server and paste the command
  • The scanner auto-detects your OS (Ubuntu, Debian, CentOS, RHEL, Fedora, Alpine, Arch, openSUSE)
  • It collects installed packages using your package manager
  • For Regular Scan: automatically installs a cron job for scheduled scans

Step 3: Get Instant Results

  • Package data is securely sent to our API over HTTPS
  • We match your packages against 200,000+ CVEs in our database
  • Results appear in your dashboard with color-coded severity (🔴 Critical, 🟠 High, 🟡 Medium, 🔵 Low)
  • Formatted output shows: detected packages, matched products, CVEs found, and scan duration

Step 4: Ongoing Monitoring

  • Our system continuously checks for new CVEs every 5 minutes
  • When a vulnerability affecting your servers is published, you're alerted immediately
  • Re-scan anytime to verify fixes or detect new packages
  • Adjust scan frequency for Regular Scan mode anytime from your dashboard

📧 How do email alerts work?

Get notified immediately when new vulnerabilities affect your infrastructure:

  • Instant Alerts: When a CVE matching your servers is discovered, you get an email within minutes
  • Severity Filtering: Choose to only receive alerts for CRITICAL/HIGH severity issues, or monitor everything
  • Detailed Information: Each alert includes the CVE ID, severity, affected packages, and fix instructions
  • Clickable Links: Direct links to view full CVE details and your affected systems
  • Easy Unsubscribe: Manage notification preferences from your dashboard anytime

You can customize alert settings for each server individually in your dashboard.

🎯 Do you have false positives?

We work hard to minimize false positives, but some are inevitable:

Why false positives happen:

  • Distribution maintainers often backport security fixes without changing version numbers
  • CVE databases may list version ranges that don't account for distro-specific patches
  • Some vulnerabilities only affect specific configurations or use cases

How we reduce false positives:

  • Advanced version matching algorithms
  • Integration with distribution security advisories (Ubuntu USN, RHSA, etc.)
  • Community feedback to improve accuracy

What you should do:

  • Always verify CVE applicability to your specific environment
  • Check your distribution's security advisories
  • Use our information as a starting point for your own research

Remember: FixTheCVE provides information and guidance, not definitive security assessments. You're responsible for validating and implementing fixes appropriate for your systems.

🔌 Do you offer API access?

Yes! Our API lets you integrate CVE monitoring into your existing workflows:

  • Scan API: Submit package lists and retrieve vulnerability results programmatically
  • CVE Database API: Query our CVE database for vulnerability information
  • Webhook Support: Get real-time notifications when new CVEs are discovered
  • REST & JSON: Simple, well-documented REST API with JSON responses

API access is available on Pro and Enterprise plans.
