@adel, speaking strictly for detecting vulnerable packages on linux (rpm, deb), OSquery allows you to query for package name version etc, which you’d have to compare against data from your feed. Package naming conventions are non standard and outlined here https://www.debian.org/doc/manuals/developers-reference/pkgs.html. Comparing packages is a bit challenging, but IMO, this python package does a reasonable job https://pypi.python.org/pypi/version_utils. In my case it worked for rpm and deb packages.

g314159: Great! Thanks a lot for your help