VHP
The Vulnerability History Project

Our Status By The Numbers

2,285
### Vulnerabilities We have collected historical engineering data on vulnerabilities that have been publicly reported from prominent open source projects.
537

Curations

The number of vulnerabilities that have been manually reviewed by a curator.
1

Words Written

The approximate number of words that curators have written in the "description" field for a vulnerability.
23.5%

Curated

The percentage of vulnerabilities we need curated.

23.5%

7

Case Studies

Chromium Browser
Apache HTTPD Web Server
Apache Tomcat
Apache Struts
systemd
FFmpeg
Django
1,771

Fixes

50.5% of 2,285

The **number of commits** we identified as having fixed a vulnerability. These changes identify the original mistake in the source code. We have 1,153 (50.5%) vulnerabilities for which we have identified at least one fix commit.
2,246

VCCs

39.6% of 2,285

The number of **Vulnerability-Contributing Commits** we have identified. These are considered potential origins of the coding mistake that led to these vulnerabilities. We have 904 (39.6%) vulnerabilities for which we have identified at least one fix commit.
619

Tags

The number of different tags we have applied to vulnerabilities.
7.4

Tags per Vulnerability

The average number of tags we have applied to a vulnerability.
3,503

Lessons

The number of instances where a curator flagged a vulnerability of being an example of a common secure software engineering lesson. Learn more about vulnerabilities tagged with a [:tag: Lessons](/tags?search=Lesson).
521,733
### Events Our timelines show events in the history of the vulnerable code to tell a unique story about the people, project, and code behind the issue.
228.3
### Events per Vulnerability The average number of events each vulnerability has on its timeline.
7
### Articles We always have something to say about how vulnerabilities come into existence.
vertical_align_top