diff --git a/config.json b/config.json
index 220981b..87dd019 100644
--- a/config.json
+++ b/config.json
@@ -928,8 +928,9 @@
 },
 "metrics" : {
 "NEEDREPOS" : ["poky"],
+ "extravars" : ["INHERIT += 'cve-check'"],
 "step1" : {
- "EXTRACMDS" : ["../../yocto-autobuilder-helper/scripts/run-patchmetrics ../ ../meta/ ${HELPERRESULTSDIR}/../../patchmetrics"]
+ "EXTRACMDS" : ["../../yocto-autobuilder-helper/scripts/run-patchmetrics ../ ../meta/ ${HELPERRESULTSDIR}/../../patchmetrics ."]
 }
 },
 "meta-mingw" : {
diff --git a/scripts/cve-report.py b/scripts/cve-report.py
new file mode 100755
index 0000000..33b7b1d
--- /dev/null
+++ b/scripts/cve-report.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+
+import os, sys
+import json
+
+jsonfile = sys.argv[1]
+
+ignored_recipes = ("linux-yocto", "db", "db-native")
+
+with open(jsonfile) as f:
+ cvedata = json.load(f)
+
+cves = dict()
+
+for recipe in cvedata['package']:
+ if recipe['name'] in ignored_recipes:
+ continue
+ if 'issue' not in recipe:
+ continue
+ for i in recipe['issue']:
+ if i['status'] == "Unpatched":
+ if i["id"] in cves:
+ cves[i["id"]] += ":" + recipe['name']
+ else:
+ cves[i["id"]] = recipe['name']
+
+print("Found %d unpatched CVEs" % len(cves))
+for cve in sorted(cves.keys()):
+ print("%s: %s https://web.nvd.nist.gov/view/vuln/detail?vulnId=%s *" % (cve, cves[cve], cve))
diff --git a/scripts/run-patchmetrics b/scripts/run-patchmetrics
index c458d92..6e8d390 100755
--- a/scripts/run-patchmetrics
+++ b/scripts/run-patchmetrics
@@ -5,7 +5,14 @@
 PARENTDIR=`realpath $1`
 TARGETDIR=`realpath $2`
 RESULTSDIR=`realpath -m $3`
+BUILDDIR=`realpath $4`
+OURDIR=`dirname $0`
+TIMESTAMP=`date +"%s"`
+
+#
+# Patch Metrics
+#
 git clone ssh://git@push.yoctoproject.org/yocto-metrics $PARENTDIR/yocto-metrics
 $PARENTDIR/scripts/contrib/patchreview.py $TARGETDIR -j $PARENTDIR/yocto-metrics/patch-status.json
 git -C $PARENTDIR/yocto-metrics commit -asm "Autobuilder adding new patch stats"
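Review bot: cve-report.py reads `sys.argv[1]` with no argument check and indexes `i['status']` and `i["id"]` directly, so a missing argument or an entry in cve-summary.json without those keys ends the run with a traceback instead of a message, and because the caller redirects stdout into a status file that file is then left empty or truncated mid-list. A guard such as `if len(sys.argv) != 2: sys.exit("usage: cve-report.py <cve-summary.json>")` and `if i.get('status') == "Unpatched":` keeps the report robust to that. The `ignored_recipes` tuple silently drops every finding for linux-yocto, db and db-native with no stated reason; a comment on that line saying why they are excluded (tracked elsewhere, known false positives, or similar — I cannot tell from here) stops a reader from mistaking the omission for "no unpatched CVEs". The `os` import is unused and can go.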
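Review bot: `BUILDDIR=`realpath $4`` is not quoted and has no fallback, so when the fourth argument is absent realpath prints an error and BUILDDIR is silently empty; `BUILDDIR=$(realpath "${4:?build directory required}")` fails loudly instead, and the other new assignments should be quoted the same way. BUILDDIR is not referenced anywhere in this hunk, so its use, if any, is further down the file. `OURDIR=`dirname $0`` stays relative when the script is invoked through a relative path (config.json calls it as `../../yocto-autobuilder-helper/scripts/run-patchmetrics`), which is only safe as long as the script never changes directory; `OURDIR=$(dirname "$(realpath "$0")")` removes that dependency.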
@@ -18,3 +25,16 @@
 fi
 cp $PARENTDIR/yocto-metrics/patch-status.json $RESULTSDIR
 cp $PARENTDIR/yocto-metrics/patch-status/* $RESULTSDIR
+#
+# CVE Checks
+#
+bitbake world --runall cve_check -R conf/distro/include/cve-extra-exclusions.inc
+mkdir -p $PARENTDIR/yocto-metrics/cve-check/
+cp tmp/log/cve/cve-summary.json $PARENTDIR/yocto-metrics/cve-check-$TIMESTAMP.json
+git -C $PARENTDIR/yocto-metrics add cve-check-$TIMESTAMP.json
+git -C $PARENTDIR/yocto-metrics commit -asm "Autobuilder adding new CVE data"
+git -C $PARENTDIR/yocto-metrics push
+
+$OURDIR/cve-report.py tmp/log/cve/cve-summary.json > $RESULTSDIR/cve-status.txt
+
+
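Review bot: `mkdir -p $PARENTDIR/yocto-metrics/cve-check/` creates a directory that nothing then uses, because the following `cp` and `git add` write `cve-check-$TIMESTAMP.json` at the repository root; one of the two is wrong, and presumably the file was meant to land in `cve-check/$TIMESTAMP.json`. The exit status of the `bitbake ... cve_check` run is never checked and `tmp/log/cve/cve-summary.json` is a cwd-relative path, so if the run fails a summary left over from an earlier build (if one exists) is committed, pushed as today's data and fed to cve-report.py, and the metrics go stale without anyone noticing; BUILDDIR, which the earlier hunk computes from `$4`, is the natural anchor for that path and is otherwise unused. `git commit -a` will also sweep any other modified tracked file in the clone into the "new CVE data" commit, so adding only the new file and dropping `-a` is safer, though that line is pre-existing style. The rewritten section below stops on a failed bitbake, refuses to commit a summary that does not exist, and keeps the file under the directory it creates.
```shell
# … unchanged: CVE Checks header comment …
CVESUMMARY="$BUILDDIR/tmp/log/cve/cve-summary.json"
bitbake world --runall cve_check -R conf/distro/include/cve-extra-exclusions.inc || exit 1
[ -f "$CVESUMMARY" ] || { echo "cve-summary.json was not produced" >&2; exit 1; }
mkdir -p "$PARENTDIR/yocto-metrics/cve-check/"
cp "$CVESUMMARY" "$PARENTDIR/yocto-metrics/cve-check/$TIMESTAMP.json"
git -C "$PARENTDIR/yocto-metrics" add "cve-check/$TIMESTAMP.json"
# … unchanged: commit and push …
"$OURDIR/cve-report.py" "$CVESUMMARY" > "$RESULTSDIR/cve-status.txt"
```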