Hi,

I updated the list of Python vulnerabilities:
https://python-security.readthedocs.io/vulnerabilities.html

I modified my code to support multiple CVEs per vulnerability, example with 8 CVEs:
https://python-security.readthedocs.io/vuln/multiple-integer-overflows-apple...

I added a "slug": an ASCII unique identifier for each vulnerability.

Maybe we need to create our own vulnerability numbers rather than using a CVE, a bugs.python.org bug number or a slug. It might make it easier to properly identify a vulnerability. Some old issues have no bpo number (fixed directly in the code without creating an issue):
https://python-security.readthedocs.io/vuln/smtplib-tls-stripping.html

Deciding how we identify vulnerabilities is the main blocker issue to migrate https://python-security.readthedocs.io/ to https://security.python.org/

It would be nice to make this website more official to collect "official" information about Python security.

Victor
--
Night gathers, and now my watch begins. It shall not end until my death.
Participants (1): Victor Stinner