Vulnerability Feature Overview



Vulnerability Assesment Overview

The Threat Stack Vulnerability Assessment runs daily and analyzes all packages against the more than 2 million Common Vulnerabilities and Exposures (CVE) listed in the National Vulnerability Database (NVD) run by the National Institute of Standards and Technology (NIST). At the end of the assessment, Threat Stack shows you a list of vulnerable packages, associated CVE, and impacted servers.

For each vulnerability, the severity score is based on the Common Vulnerability Scoring System v2 (CVSS v2) used by the NVD. The severity can be high (H), medium (M), or low (L) as determined by NVD.

For more information see the NVD Frequently Asked Questions or A Complete Guide to the Common Vulnerability Scoring System v2 on

Supported Distrobutions

Threat Stack currently supports the Vulnerabilities feature on the following Linux distrobutions:

  • Ubuntu
  • Amazon
  • RedHat

Vulnerability Assessment Reports

The Threat Stack agent runs an assessment that compares the CVEs against the published security notice and triage data from the specific Linux distribution. The vulnerability assessment then displays a vulnerability assessment score.

Threat Stack runs an assessment when an agent is first installed and then runs daily assessments starting at 12am UTC. You can subscribe to a daily vulnerability assessment email report. To enable these reports, navigate to the Notifications Settings section on the Settings page.

Vulnerability Assessment Workflow

This image depicts the flow of the Threat Stack agent detecting packages, cross-referencing them against more than two million identified CVEs. 


For this illustration we use "TS" to refer to Threat Stack.

Vulnerabilities Workflow illustration

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Article is closed for comments.