There's an Android app that compares patches for security issues out there to what's on your phone called Snoopsnitch (https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch). If you are missing patches, you can't get them for your phone as it's up to the manufacturer to release them. However, the information can help you press the manufacturer to release a patch for the device you have. As an example, when I run it on my Motorola phone I get the following results:
Patched 19
Patch missing 0
After claimed patch level 0
Test inconclusive 29
Not affected 3
It also shows when patches were leased by month and year below. It mentions the number of CVEs covered by each patch but not the specific CVEs, which would be nicer.
The FAQ on their website explains what the descriptions mean here (https://opensource.srlabs.de/projects/snoopsnitch/wiki/FAQ#What-do-the-patch-level-analysis-results-mean). I'm using Android 10 on my phone so the total number of patches can vary. The 'test inconclusive' means the result could be a false positive as they're not sure of the result. I'd be curious to see the results for others, particularly if you're using Android 10.
Oh, btw, it's Open Source. :)