The vulnerability alerts you actually want

Know when your dependencies are at risk

AlertaVuln continuously monitors CVE databases and matches vulnerabilities against your exact tech stack. Get actionable alerts with severity classification — not just noise.

No credit card required. Free tier includes 1 project.

No repo clone, no CI install
Alert-first, not PR-noise
GitHub & Azure DevOps
AlertaVuln Dashboard
CVE-2026-31245 (Critical)

Remote code execution in lodash < 4.17.21 — CONFIRMED VULNERABLE

2 min ago
CVE-2026-28901 (High)

SQL injection in postgres driver — verify manually

15 min ago
CVE-2026-27103 (Medium)

XSS in react-dom — your version is not affected

1 hour ago
request (Deprecated)

Archived by author — migrate to native fetch or axios

Health check
What sets us apart

The alerts your scanner should have shipped with

Most SCA tools tell you a CVE exists. AlertaVuln tells you whether it can actually hurt your code.

Attack-surface aware

We classify the package and the CVE class — RCE in your XML parser? Loud alert. XSS in a CLI tool? We say so. Hand-curated rules, not LLM hand-waving.

Transitive chains, surfaced

Vulnerable package buried four levels deep? We show the chain — which top-level dep dragged it in, so you upgrade the right thing once instead of fighting the lockfile.

Smart fix targeting

We pick the smallest safe upgrade — not the latest major. Bump severity (Safe / Caution / Breaking) and a release-notes link ship with every alert. No downgrade traps.

How it works

Three steps to protect your applications

STEP 1

Add your stack — three ways

Upload a manifest (package.json, csproj, requirements.txt…), connect a GitHub or Azure DevOps repo, or type dependencies in manually. npm, NuGet, pip, Maven, Go, Cargo, Composer, RubyGems.

STEP 2

We monitor CVE feeds

Our engine continuously ingests from NVD, GitHub Advisories, and other sources — matching against your exact dependencies.

STEP 3

Get actionable alerts

Receive RED/YELLOW/GREEN alerts with reasoning. Push to Slack, Teams, or Discord. Know exactly what to fix and why.

Everything you need to stay secure

Comprehensive vulnerability management for your entire stack

Real-Time CVE Alerts

Get notified instantly when new vulnerabilities affect your tech stack. Three-tier alert system (RED/YELLOW/GREEN) with detailed reasoning.

Tech Stack Tracking

Define your packages, frameworks, and versions per project. We automatically match incoming CVEs against your exact dependencies.

Package Health Monitoring

Track maintenance status of your dependencies. Get warnings when packages become stale, deprecated, or unmaintained.

Five Webhook Channels

Slack, Microsoft Teams, Discord, Google Chat, and a generic JSON endpoint for PagerDuty, Opsgenie, or anything custom. Not "coming soon" — shipping today.

Event-Driven, Not Scheduled

CVE gets disclosed, your affected repos are rescanned, alerts fire — minutes, not a nightly cron. Most SCA tools batch scans and catch you on the next pass.

Zero-Install Public Mode

Paste a public GitHub URL, get alerts — no GitHub App, no OAuth, no CI runner. Sign up and scan.

Why not Dependabot or Snyk?

Where we land vs. the tools you're probably already using

Capability | Dependabot | Snyk | AlertaVuln
Works on GitHub + Azure DevOps
GitHub-native*
No repo clone or build-step execution
Fetches + resolves in their sandbox
May fetch source to their cloud
Read-only manifest API
Alert-first, not PR spam
PR per CVE
Mixed
5 native chat channels (incl. Discord + Google Chat)
Limited
Limited
All five
Free tier with no time limit
200 tests/mo
1 project, forever
Event-driven rescans (not scheduled)
Scheduled
Zero-install public-repo mode
No App, no OAuth, no CI

*Self-hosted community forks of Dependabot exist for GitLab and other hosts, but require DIY hosting vs a managed integration.

Comparison accurate as of April 2026. Pick the row that matters for your team.

Simple, transparent pricing

Start free. Scale projects, seats, and orgs on your terms.

Free

$0 forever

Kick the tyres — one project, one org, one user.

  • 1 project
  • 1 organisation
  • 1 user (just you)
  • Real-time CVE alerts
  • Package health monitoring
  • All five webhook channels

Pro

$20/month

Solo power user — more projects, still one seat.

  • Everything in Free
  • Up to 3 projects
  • Alerts across all projects
  • Priority support
Most Popular

Team

$50/month

For small teams that share a stack — one flat fee.

  • Everything in Pro
  • Up to 5 projects
  • Up to 5 seats included
  • Shared alerts & audit log
  • Optional add-ons: Retrigger, SBOM export

Enterprise

Contact sales

For organisations with multiple teams and unlimited scale.

  • Everything in Team
  • Unlimited projects
  • Unlimited seats
  • Child-org support
  • Retrigger & SBOM export included
  • Dedicated account manager
  • Custom integrations
  • SLA guarantee

Ship your first alert in 60 seconds

Free forever for one project, one org, one user. All five webhook channels, no credit card, no sales call.