[0xEF]

I'm not the person you asked, but if some security researcher such as yourself needs a million-dollar service to sell, I'll offer that I would pay decent money for a webapp or something where I can list all the things in my stack or project and it spits out a list of known and possible vulnerabilities that I should check default configs for, update, patch, etc.

My thinking is this; if I'm willing to fork over dollars to a VPS hosting service for peace-of-mind, then paying for a service that helps me understand what I'm doing when it comes to self-hosting should also be on the table as an alternative.

That said, I have no idea how viable of a business model that would be, or if it would even be able to be developed and upkept with reliable info. Or, maybe it already exists, but on an enterprise level that I cannot afford for some dumb little blogs.

[Aachen]

The CVE database is free. Or maybe NVD are the ones publishing this mapping of CVEs to software packages and versions, but either way, a site like cvedetails will give you this information. I'm less sure where you could subscribe to these for all software thingies you run (maybe cvedetails already has that)