Bob Kline wrote at 2023-7-14 13:35 -0400:
>Can someone point me to the official catalog of security vulnerabilities in
>Python (by which I mean cpython and the standard libraries)? I found
>https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html
>but that isn't maintained by python.org.
I am active in the `Zope` community (a web application server based on Python). This community has a security mailing list for security-related reports and issues public CVE (= "Common Vulnerabilities and Exposures") reports (via a "GitHub" service) as soon as a security risk has been resolved.

I expect that security risks for Python itself are handled in a similar way (as Python, too, maintains its code on "GitHub"). This means that the CVE dictionary should contain **ALL** publicly announced security risk reports, whether found by the Python community or packagers.

For details about CVE, read "https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures".