The central database of what the Debian security teams know about vulnerabilities is the http://security-tracker.debian.org. It cross references packages, vulnerable and fixed versions for different suites, CVE names, Debian bug numbers, DSA's and miscellaneous notes. It can be searched, e.g. by CVE name to see which Debian packages are affected or fixed, or by package to show unresolved security issues. The only information missing from the tracker is confidential information that the security team received under embargo.

Das Paket debsecan verwendet die Informationen in der Datenbank, zum den Administrator eines Systems darüber zu informieren, welche der installierten Pakete verwundbar sind und für welche Pakete Sicherheitsaktualisierungen verfügbar sind.