CVE monitoring for your stack

Know when your software has a vulnerability

New CVEs drop daily. Stackflag monitors NVD, GHSA, OSV, CISA KEV, and EPSS every hour and flags only what affects your stack.

Get started free Sign in

Define your stack

Describe your setup in plain English - nginx, WordPress, PostgreSQL, Node.js, whatever you run. Stackflag sets up monitors automatically. No security expertise needed.

We flag what matters

When a vulnerability matches your stack, Stackflag flags it with a plain-English summary, severity rating, and what to do about it.

Get alerted your way

Email digests, instant alerts, or webhooks - choose how and when you hear about it. Triage with read/unread/acknowledge and keep an audit trail for compliance.

Built for teams with compliance obligations

Vulnerability monitoring is a named control in every major security standard. Stackflag provides the continuous monitoring and triage evidence these frameworks require.

ISO 27001: A.8.8

Management of technical vulnerabilities. Stackflag provides the continuous monitoring, severity prioritisation, and remediation records this control requires.

SOC 2: CC7.1

Monitor system components for anomalies. Stackflag's hourly scans and flag queue give auditors the evidence trail they ask for in Type II assessments.

Cyber Essentials (UK)

Patch high-severity vulnerabilities within 14 days. Stackflag flags CVSS ≥7 and KEV entries the moment they appear so you never miss the window.

NIS2 Directive (EU): Art. 21

Vulnerability handling and disclosure for essential and important entities. Stackflag tracks affected software and gives you the audit log to demonstrate active management.

PCI DSS v4: Req 6.3

Identify, rank, and remediate security vulnerabilities. Stackflag's CVSS-prioritised flag queue maps directly to the ranked patching workflow PCI DSS requires.

NIST SP 800-53: RA-5 / SI-2

Vulnerability monitoring and flaw remediation. Stackflag automates RA-5's continuous scanning requirement and provides the SI-2 remediation timeline evidence.

Latest vulnerabilities

Browse vulnerabilities

Published today

2979

This week

Google Chromium Web Browser Can Run Malicious Code 8.8 Google Skia: Malicious Webpage Can Crash or Steal Data 8.8 OpenClaw: Untrusted Sites Can Access Sensitive Settings 8.1 Discord Reaction Hack in OpenClaw 5.4 CairoSVG Can Be Overwhelmed by Malicious SVG Files 7.5

Data sources updated hourly: NVD · GHSA · OSV · CISA KEV · EPSS · Vulnrichment