Recently, I opened a case, 01205420, regarding the issue that in NCM, the firmware vulnerabilities report was not working for Cisco IOS XE devices, which probably makes up the majority of their product line. Cisco IOS and NXOS devices appear to be working. I was told that Cisco IOS XE Devices are not supported.
From the case manager
"I have reviewed our articles and internal documentations and I found that firmware vulnerabilities for Cisco IOS XE will not work since this is not yet supported. I was able to bump on another case opened just a week ago which is the same as your issue why there are no firmware vulnerabilities found for Cisco IOSXE and was forwarded to Dev. In summary this feature is not yet supported."
Please include these in a near time future release as we will now have to rely on another process to review these devices vulnerabilities.