Security-News-Feeds Cheat Sheet
This is a collection of all major known security advisory feeds per operating system or topic. It is a superset of the 2010 post at geekscrap.com which misses Linux specific feeds. The idea is for you to grab the links below and drop those you need in your favourite feed reader (even Thunderbird will do). Alternatively you can pay others to do it for you :-)
If you find broken links please use the edit button above!
Unix / Linux Distributions
- Debian - Security Advisories (type tags only)
- Debian - Security Advisories (detailed description)
- Debian - Backports Security Announce
- Fedora - Security Updates
- Gentoo - Linux Security Advisories
- Ubuntu - Ubuntu Security Notices
- Mandrake - Security Announce
- Mandriva - Security
- Redhat - Recent Errata (bugfixes, patches)
- Centos - [email protected]
- Slackware - Security Advisories
- SuSE - Security Announcements
- OpenBSD - Errata
- NetBSD - Advisories
- FreeBSD - Advisories
Application Specific
- Apache - [email protected]
- Apache - CVE Feed (via cvedetails.com)
- Drupal - Security Advisories
- Drupal - Security Advisories for contributed modules
- Joomla - CVE Feed (via cvedetails.com)
- lighttpd - CVE Feed (via cvedetails.com)
- Nagios - CVE Feed (via cvedetails.com)
- nginx - CVE Feed (via cvedetails.com)
- Typo3 - Security News
- Wordpress - Security News
Platforms/Middleware
- Apache Hadoop - CVE Feed (via cvedetails.com)
- Django - CVE Feed (via cvedetails.com)
- Perl - CVE Feed (via cvedetails.com)
- Python - CVE Feed (via cvedetails.com)
- Oracle/Sun JDK - CVE Feed (via cvedetails.com)
Collections
- NIST Vulnerabilites
- Full Disclosure
- SecurityFocus Incidents
- Secunia @ tumblr
- Check Point - Update Services Advisories
- US CERT Technical Cyber Security Alerts
By Vendor
- Cisco - Security Advisories
- Microsoft - Comprehensive Advisory List
- Oracle - Oracle Security Alerts
- IBM - Internet Security System Threads
- Apple - Security-Announce
- VMWare - Security Announce
How to get a feed for software not listed here?
1. Check cvedetails.com
When you need a security feed not listed above visit http://cvedetails.com and search for the product or vendor you are interested in. If you find it and recent CVEs are listed click on “Vulnerability Feeds and Widgets” which opens up a dialog where you can configure a filter and click “Generate RSS Feed”. Note: If you don’t find the “Vulnerability Feed and Widgets” link ensure you are on the “Vulnerability Statistics” page of the product/vendor!
2. Check gmane.org
If it is an open source product you are looking for and it has a security related mailing list chances are high that is being tracked by gmane.org which provides RSS feeds for each mailing list.