Simple, Transparent Pricing

Start free. Scale as your team grows.

Free

$0

500 lookups/month

  • CVE lookup with EPSS + KEV
  • Package vulnerability check
  • Version-specific audit
  • 1 API key
  • Community support
Get Started
Most Popular

Pro

$19 /mo

10,000 lookups/month

  • Everything in Free
  • Manifest scan (all ecosystems)
  • SARIF output for GitHub
  • 1 webhook registration
  • Priority fix recommendations
  • Email support
Start Pro

Business

$49 /mo

50,000 lookups/month

  • Everything in Pro
  • EPSS history (90 days)
  • 5 webhook registrations
  • 3 API keys + team seats
  • 90-day scan history
  • 99.9% SLA
  • Priority email support
Start Business

Growth

$99 /mo

200,000 lookups/month

  • Everything in Business
  • EPSS history (365 days)
  • 20 webhook registrations
  • 10 API keys + team seats
  • 365-day scan history
  • $0.001/overage lookup
  • Priority email + Slack
Contact Us

Frequently Asked Questions

What counts as a lookup?

Each API call to /v1/cve, /v1/pkg, or /v1/scan counts as one lookup. Health checks, auth, and billing endpoints are free.

What happens when I hit my limit?

Free and Pro tiers are blocked at the limit. Business and Growth tiers allow overages at a small per-lookup fee. Limits reset on the 1st of each month.

Where does PatchPulse data come from?

We aggregate from five public data sources: NIST NVD, FIRST EPSS, CISA KEV, OSV.dev, and GitHub Security Advisories. All data is public domain — we add cross-referencing, enrichment, and a fast API.

Can I use PatchPulse in my CI/CD pipeline?

Yes. The CLI supports --ci mode with configurable exit codes. Set PATCHPULSE_API_KEY as an env var in your pipeline and run patchpulse check --ci.

How fresh is the data?

NVD syncs every 2 hours. EPSS scores update daily. CISA KEV syncs daily. OSV and GHSA sync every 6 hours. Check /v1/health for exact freshness timestamps.