Added recently disclosed vulnerabilities to the cve directory #36

Open
@CharlieZhao95

Description

I've been following Python Security Vulnerability for a long time; it's a very good channel to summarize Python vulnerabilities and solutions. I can find the vulnerability and affected version information in a very convenient way.

I would like to add some recently disclosed vulnerabilities to the cve directory:

  • CVE-2015-20107: Shell injection in mailcap module
  • CVE-2021-28861: Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure.
  • CVE-2016-3189: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
  • CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

...

I'm not sure if Python-security will continue to be maintained, or if there are other ways to aggregate and notify Python vulnerabilities (I noticed Security-announce, but it doesn't seem to log all vulnerabilities).

I'm glad to do some work for the maintenance of the vulnerability information if needed. @vstinner
