VHP
The Vulnerability History Project

Our Status By The Numbers

2,625
### Vulnerabilities We have collected historical engineering data on vulnerabilities that have been publicly reported from prominent open source projects.
695

Curations

The number of vulnerabilities that have been manually reviewed by a curator.
61,030

Words Written

The approximate number of words that curators have written in the "description" field for a vulnerability.
26.5%

Curated

The percentage of vulnerabilities we need curated.

26.5%

8

Case Studies

Chromium Browser
Django
FFmpeg
Apache HTTPD Web Server
Linux Kernel
Apache Struts
systemd
Apache Tomcat
1,944

Fixes

49.4% of 2,625

The **number of commits** we identified as having fixed a vulnerability. These changes identify the original mistake in the source code. We have 1,298 (49.4%) vulnerabilities for which we have identified at least one fix commit.
2,696

VCCs

39.8% of 2,625

The number of **Vulnerability-Contributing Commits** we have identified. These are considered potential origins of the coding mistake that led to these vulnerabilities. We have 1,045 (39.8%) vulnerabilities for which we have identified at least one fix commit.
758

Tags

The number of different tags we have applied to vulnerabilities.
8.1

Tags per Vulnerability

The average number of tags we have applied to a vulnerability.
4,140

Lessons

The number of instances where a curator flagged a vulnerability of being an example of a common secure software engineering lesson. Learn more about vulnerabilities tagged with a [:tag: Lessons](/tags?search=Lesson).
373,351
### Events Our timelines show events in the history of the vulnerable code to tell a unique story about the people, project, and code behind the issue.
142.2
### Events per Vulnerability The average number of events each vulnerability has on its timeline.
7
### Articles We always have something to say about how vulnerabilities come into existence.
vertical_align_top