Open app

Vulnerability tracking

Demerzel correlates published advisories against the packages actually installed on each server, so you see vulnerabilities that really apply to you — not a generic feed.

How correlation works

  • The agent reports the exact package versions installed on each host.
  • Demerzel matches them against known CVEs, using distribution-aware version comparison (it understands Debian epochs and revisions, so 3.0.15-1~deb12u1 is compared correctly).
  • A finding records the package, installed version, CVE, severity and the fixed version.

On the server page

Each server’s Vulnerabilities tab lists its findings, most severe first, with the version that fixes each one. Critical and high findings roll up into dashboard Actions.

Freshness matters. If the advisory catalog hasn’t been refreshed recently, Demerzel raises a systemic Action — stale vulnerability data is itself a risk worth flagging.