A Case For WordPress Providing Details on Fixed Security Issues in Plugins
When it comes to providing information on security issues in web software, the amount of information disclosed varies pretty widely. Security issues fixed in WordPress core are disclosed when the new version is released. For example, here is how they were mentioned in the most recent security release, 4.6.1:
WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.