Towards the goal of a more secure and safe Python ecosystem, the Python Software Foundation has been authorized by the CVE Program as a CVE Numbering Authority (CNA)!
Being a CNA means the PSF can improve vulnerability response for critical projects in the Python ecosystem, like CPython and pip, and for Python users, through timely and high-quality security advisories and remediations.
I also plan to create guidance focused on helping other Open Source organizations and projects, both in and outside the Python ecosystem, become CNAs and provide the same benefits to their projects.
To be alerted to newly published vulnerabilities in Python or pip, subscribe to the firstname.lastname@example.org mailing list for security advisories. There is also a new advisory database published to GitHub using the machine-readable Open Source Vulnerability (OSV) format.
You can read the full details in my announcement on the PSF blog.