I maintain a fairly large collection of hosted web and server applications, a large portion of them running WordPress, Django, Laravel, and Drupal. I'm aware of the normal channels for tracking new releases, but what is the best way to be in the know about new security issues without spamming an email folder or twitter feed with every CVE?
Usually there are mailing lists you can sign up for, but they can be spammy. Organizations I have reviewed have a vulnerability scans happen every month. I think it's a best effort kinda thing unless you have a dedicated security team monitoring daily.
The juicy bugs will usually make their way into your front view like ShellShock, Heartbleed, Spectre, drupalgeddon etc. I'd say just by the willingness to ask this question and stay on top of updates you should be fine.<p>New vulnerabilities are discovered everyday and it doesn't even include the ones that are never publicly disclosed.
1) If you're using Github, enable security alerts (<a href="https://github.blog/2017-11-16-introducing-security-alerts-on-github/" rel="nofollow">https://github.blog/2017-11-16-introducing-security-alerts-o...</a>). This is basically looking at your package manifests and checking for known vulnerable dependencies. Django security updates work out of the box, I don't know if PHP is supported. For wordpress (and probably Drupal) there are security scanners that are worth running.