The Vulnerability History Project

4,842

## Vulnerabilities We have collected historical engineering data on vulnerabilities that have been publicly reported from prominent open source projects.

740

Curations

The number of vulnerabilities that have been manually reviewed by a curator.

66,263

Words Written

The approximate number of words that curators have written in the "description" field for a vulnerability.

15.3%

Curated

The percentage of vulnerabilities we need curated.

15.3%

8 Case Studies

The approximate number of words that curators have written in the "description" field for a vulnerability.

Chromium Browser

Django

FFmpeg

Apache HTTPD Web Server

Linux Kernel

Apache Struts

systemd

Apache Tomcat

2,015

Fixes

27.2% of 4,842

The **number of commits** we identified as having fixed a vulnerability. These changes identify the original mistake in the source code. We have 1,316 (27.2%) vulnerabilities for which we have identified at least one fix commit.

3,319

VCCs

30.5% of 4,842

The number of **Vulnerability-Contributing Commits** we have identified. These are considered potential origins of the coding mistake that led to these vulnerabilities. We have 1,476 (30.5%) vulnerabilities for which we have identified at least one fix commit.

626

Tags per Vulnerability

The average number of tags we have applied to a vulnerability.

3,933

Lessons

The number of instances where a curator flagged a vulnerability of being an example of a common secure software engineering lesson. Learn more about vulnerabilities tagged with a [:tag: Lessons](/tags?search=Lesson).

513,808

### Events Our timelines show events in the history of the vulnerable code to tell a unique story about the people, project, and code behind the issue.

106.1

### Events per Vulnerability The average number of events each vulnerability has on its timeline.

### Articles We always have something to say about how vulnerabilities come into existence.

Our Status By The Numbers