I find a reasonable amount via the Full Disclosure mailing list:
Other sources are my Twitter contacts in the infosec industry, including the official CVE team cve.mitre.org/cve/
Finally - I run Debian on public systems, so their own security patches are a source of alerts.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.