linux kernel security - weakish/cheat GitHub Wiki
Follow stable instead of CVE.
This is because in Linux kernel development, security bugs get fixed before applying a CVE number. And some commiter or maintainer does not realize or care that a bug is actually a security bug. Thus some security bugs fixed in stable kernel are not recorded in CVE.
For more information: