This is a repository of vulnerability advisories for projects in scope for the prospective
Python Software Foundation CVE Numbering Authority (CNA). Advisories are also
published to the security-announce@python.org mailing list.
You can find all advisories in the advisories/ directory.
Sub-directories under advisories/ denote the affected product (i.e. python).
Advisories are published in the OSV Format.
Historical advisories have been converted into the OSV format for easier consumption by automated tools. CVE IDs and metadata for historical advisories are sourced from vstinner/python-security.
Advisories in OSV format are generated from published CVE records. Updating an advisory requires updating the
upstream CVE record, so it must be done by either creating an issue on GitHub
or contacting the CNA operators at cna@python.org. Pull requests updating
advisories sourced from CVEs will be closed.