@shochdoerfer You should be able to subscribe to the mailing list I linked. We do not have a separate mailing list for security releases vs normal releases though.
Filtering our mailing list for the letters "CVE" would probably be the most effective mechanism if you only want security related releases.