This component and plugin searches the latest feed of vulnerable extensions and then compares that to a list of installed extensions on your site. The component presents a graphic indicating the level of severity of the match, the details of the listing, and any links provided to fixes.
The plugin performs that same function as a system plugin. You set email addresses and how often you want the plugin to run. You determine what kind of notice you want - a report of extension and version match, just extension match, or even when there are no matches.