Request for specific product recommendations are considered off-topic.
There are numerous vulnerability scanners as you can see on lists such as this one: https://owasp.org/www-community/Vulnerability_Scanning_Tools
Be aware that just scanning version numbers can result in many false positives on Linux distributions that do security back porting, as for example explained in this Q&A PCI Compliance: install Apache 2.4.17 on Ubuntu 14.04.3?
Authenticated scans can help against that by checking the version of the package, rather than the version string an application reports.
Another approach is more from the system management perspective with centralised server management including release and patch management.
For example Ubuntu's Landscape , Red Hat Satellite and Microsoft SCCM