The central database of what the Debian security teams know about vulnerabilities is the http://security-tracker.debian.org. It cross references packages, vulnerable and fixed versions for different suites, CVE names, Debian bug numbers, DSA's and miscellaneous notes. It can be searched, e.g. by CVE name to see which Debian packages are affected or fixed, or by package to show unresolved security issues. The only information missing from the tracker is confidential information that the security team received under embargo.

Le paquet debsecan utilise les renseignements du système de suivi pour signaler à l'administrateur d'un système les paquets installés vulnérables, et ceux pour lesquels des mises à jour corrigeant les problèmes de sécurité sont disponibles.