https://lists.debian.org/debian-security-announce/ (this one covers security updates to many packages, but not as much as CVE advisories cover, windows, etc)
https://www.debian.org/security/
https://www.openbsd.org/mail.html (ctrl-f for security, but unlike the debian ones, this only covers patches to the base OS, not other packages).
But for you of course it would depend on what you run and what matters to you.
https://lists.debian.org/debian-security-announce/ (this one covers security updates to many packages, but not as much as CVE advisories cover, windows, etc)
https://www.debian.org/security/
https://www.openbsd.org/mail.html (ctrl-f for security, but unlike the debian ones, this only covers patches to the base OS, not other packages).
But for you of course it would depend on what you run and what matters to you.