this question sounds easy, but actually requires a complicated answer ... What do you consider "a patch"?
The command "esxcli software vib list" accurately displays the current status by listing all installed software packages (VIBs) with their versions.
But if you are looking for a kind of patch history then the command
esxcli software profile get
can help. It outputs a rather long "Description:" field that shows on which dates the system has been patched, and what packages were updated with each patch session. At the end it also shows the set of packages that the system was originally installed with. This way you get the complete history.
If you are just interested in the current ESXi build number and patch level then you would use
esxcli system version get