Greenbone can detect missing patches when they are associated with a CVE. However, AFAIK there is no VT that generally interprets package manager metadata.
You did not mention your target OS, but obviously command line tools like apt list --upgradable, dnf check-update or wmic qfe list (for Windows, but does not include third-party packages) can be run locally to determine missing package updates (or OS patches in the case of Windows).
That being said, it would be a far cry to expect a Windows patch cycle to go by without a CVE - let alone without a critical CVSS one. So you are always going to be notified about missing Windows updates.
If you are inclined you may consider developing your own VT for this task.
This is an interesting suggestion for a feature, so thank you for requesting information about it!
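
As an added example (not part of the original post and not Greenbone code), the Python sketch below normalizes the output of the two Linux commands mentioned above into one list of pending updates. The sample output is constructed, the function names are hypothetical, and treating a suite ending in `-security` as a security update is an assumption that holds for the usual Debian/Ubuntu suite naming.

```python
import re

# Constructed sample output, not captured from a real host.
APT_SAMPLE = """\
Listing... Done
openssl/jammy-updates,jammy-security 3.0.2-0ubuntu1.15 amd64 [upgradable from: 3.0.2-0ubuntu1.14]
vim/jammy-updates 2:8.2.3995-1ubuntu2.16 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.15]
"""
DNF_SAMPLE = """\
Last metadata expiration check: 0:12:41 ago on Mon 01 Jan 2024 10:00:00 AM UTC.

kernel.x86_64                 5.14.0-362.18.1.el9_3        baseos
openssl-libs.x86_64           1:3.0.7-25.el9_3             appstream
Obsoleting Packages
grub2-tools.x86_64            1:2.06-70.el9_3.2            baseos
"""

# Line shape: name/suite[,suite] new-version arch [upgradable from: old-version]
APT_LINE = re.compile(
    r"^(?P<name>[^/\s]+)/(?P<suites>\S+) (?P<new>\S+) (?P<arch>\S+) "
    r"\[upgradable from: (?P<old>[^\]]+)\]$")

def parse_apt(text):
    """Parse `apt list --upgradable` output into a list of dicts."""
    updates = []
    for line in text.splitlines():
        m = APT_LINE.match(line.strip())
        if m:  # skips "Listing... Done" and anything else unexpected
            suites = m["suites"].split(",")
            updates.append({
                "name": m["name"], "arch": m["arch"],
                "installed": m["old"], "candidate": m["new"],
                # Assumption: security pocket suites end in "-security".
                "security": any(s.endswith("-security") for s in suites)})
    return updates

def parse_dnf(text):
    """Parse `dnf check-update` output (the command exits 100 when updates exist)."""
    updates = []
    for line in text.splitlines():
        if line.startswith("Obsoleting Packages"):
            break  # the rest lists replacements, not plain updates
        fields = line.split()
        # Update rows have exactly three columns: name.arch, version, repo.
        if len(fields) == 3 and "." in fields[0] and not line[0].isspace():
            name, arch = fields[0].rsplit(".", 1)
            updates.append({"name": name, "arch": arch,
                            "candidate": fields[1], "repo": fields[2]})
    return updates
```

On a real host the text would come from running the commands locally, for example with `subprocess.run(..., capture_output=True, text=True)`.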