For vulnerabilities in programs there is only one place worth looking

Security focus's vulnerability database

have a look here for the programs you are using. As it feeds from the bugtraq mailing list it is about as uptodate as you are going to get.

As for update etc you should always get them, mainly when you find a vulnerability in a program you tell the vendor, when they have fixed it and made a patch then you post to bugtraq (it doesn't always happen like that but most times). So the patch solves the problem before the rest of the world and every script kiddie finds out

SittingDuck