We have collected historical engineering data on vulnerabilities that have been publicly reported from prominent open source projects.
The number of vulnerabilities that have been manually reviewed by a curator.
The approximate number of words that curators have written in the "description" field for a vulnerability.
The percentage of vulnerabilities we need curated.
15.3%
27.2% of 4,842
The number of commits we identified as having fixed a vulnerability. These changes identify the original mistake in the source code. We have 1,316 (27.2%) vulnerabilities for which we have identified at least one fix commit.
30.5% of 4,842
The number of Vulnerability-Contributing Commits we have identified. These are considered potential origins of the coding mistake that led to these vulnerabilities. We have 1,476 (30.5%) vulnerabilities for which we have identified at least one fix commit.
The number of different tags we have applied to vulnerabilities.
The average number of tags we have applied to a vulnerability.
The number of instances where a curator flagged a vulnerability as being an example of a common secure software engineering lesson. Learn more about vulnerabilities tagged with Lessons.
Our timelines show events in the history of the vulnerable code to tell a unique story about the people, project, and code behind the issue.
The average number of events each vulnerability has on its timeline.
We always have something to say about how vulnerabilities come into existence.