For my personal use and scanning my home network, I use OpenVAS community edition. It's free, but the VM needs cycled every once in a while since the OS does not update with the free version.
For work, we use Acunetix and Nessus, both have the ability to scan for the vulnerability just like OpenVAS. The only places we identified the vulnerability were in Composer and some back-end servers not exposed to the public. All of that is currently being worked on or has been fixed.