This is a repository of vulnerability advisories for projects in scope for the prospective
Python Software Foundation CVE Numbering Authority (CNA). Advisories are also
published to the [email protected] mailing list.
You can find all advisories in the advisories/ directory.
Sub-directories under advisories/ denote the affected product (ie python).
Advisories are published in the OSV Format.
Historical advisories have been converted into the OSV format for easier consumption by automated tools. CVE IDs and metadata for historical advisories are sourced from vstinner/python-security.
Advisories in OSV format are generated from published CVE records. Updating an advisory requires updating the
upstream CVE record so must be done by either creating an issue on GitHub
or contacting the CNA operators at [email protected]. Pull requests updating
advisories sourced from CVEs will be closed.