CVEPing monitors NVD, GitHub Advisory, and OSV.dev every 4 hours and pings you when new CVEs affect your stack. No agents. No code scanning. Just timely alerts.
Free tier available · No credit card required · 22+ technologies
Choose from 22 technologies or upload your composer.json / package.json to auto-detect everything.
CVEPing polls NVD, GitHub Advisory, and OSV.dev. Each CVE is enriched with EPSS exploit probability scores.
Receive alerts via Email, Slack, Discord, or webhooks when critical or high-severity CVEs are published.
Updated automatically every 30 minutes to 4 hours depending on plan
| Others | CVEPing |
|---|---|
| Subscribe to CPE vendor/product codes | Click "PHP" or upload composer.json |
| New CVEs without CPE tags are silently missed | Keyword + OSV.dev catches them |
| €19-49/month with complex setup | Free tier, paid from €5/mo |
| Built for security teams with 50-page dashboards | Built for developers who want a ping |
Each CVE shows real-world exploit probability from FIRST.org — know which vulnerabilities are actually being exploited, not just theoretically dangerous.
Upload composer.json, package.json, requirements.txt, or Gemfile. Unmatched packages are auto-added as custom technologies on Dev+ plans.
NVD (NIST), GitHub Security Advisory, and OSV.dev — cross-referenced and deduplicated for comprehensive coverage.
Email alerts on all plans. Slack (Dev+), Discord, and custom webhooks (Pro+). Configurable severity thresholds and real-time or digest delivery.
Mark CVEs as patched, action required, monitoring, or dismissed. Filter by status to track your team's response to each vulnerability.
Full filtering REST API for Pro+ users. Monitor any technology beyond the 22 built-in — add custom packages by NVD keyword.