Current CVEs can be found at the Ubuntu CVE Tracker
It now lists the main code as a git respository not a bzr repo.
The bzr branch links have different addresses: https://code.launchpad.net/ubuntu-cve-tracker/+branches
Source : https://github.com/coreos/clair/issues/524