Find Vendor Advisories

Find vendor security advisories that affect your infrastructure and prioritize using Mondoo's risk scoring.

A vendor advisory is a security bulletin published by a software vendor about an issue in their product, along with patches, workarounds, or mitigations. Advisories often arrive before exploits circulate widely, giving you a window to protect your systems before they're targeted. Mondoo tracks vendor advisories and tells you which ones affect which assets.

Not every known issue has a vendor advisory. Use Find Vulnerabilities to track CVEs across your infrastructure.

Find advisories in a space

  1. In the Mondoo App, navigate to the space.

    You can also select a workspace to view a subset of assets.

  2. In the side navigation, under Findings, select Advisories.

    For each advisory, Mondoo shows its rank, severity, blast radius, risk factors, and when it was first found.

  3. Filter using the search bar. Examples:

    • A platform name (windows, debian, google)
    • A CVE number (2025-21755, 1325)
    • A service or tool (winsock, curl, cim)

  4. Select an advisory to see the assets where it applies.

How an advisory is scored

Mondoo scores advisories the same way it scores vulnerabilities: a base severity combined with asset context. For the full model, read How Mondoo Scores and Prioritizes Findings.

Risk factors

Risk factors are flags that raise or lower the risk of an advisory. They appear as icons next to the advisory.

Advisory-level risk factors describe the issue itself:

| Icon | Risk factor |
| --- | --- |
| Exploitable icon | Exploitable advisories have known exploits in the wild. |
| Ransomware icon | Ransomware advisories are known to be used in ransomware campaigns. |
| Remote execution icon | Remote execution advisories let an attacker run code on a target system over the network. |

Contextual risk factors describe the assets where the advisory was found:

| Icon | Risk factor |
| --- | --- |
| Keys icon | Accessible keys indicates that key or credential information is exposed on at least one affected asset. |
| EOL icon | End-of-life (EOL) indicates that at least one affected asset is running an operating system version that is approaching or has reached EOL (no longer supported). |
| Database icon | Database indicates that at least one affected asset hosts a running database (MySQL or PostgreSQL). |
| In use icon | In use indicates that at least one affected asset has a running service or is in active use. Examples are assets running sshd, OpenSSH, NGINX, or Apache, or assets with open or listening ports. |
| Defensive icon | Defensive indicates that at least one affected asset has defensive countermeasures in place (SELinux or AppArmor). |
