Vulnerability.Garden 🪴 is a catalog for all named vulnerabilities (including exploits & attack techniques)—y’know, those fancy-schmancy ones that often have their own dedicated website and logo (e.g. Heartleed). Where available, metadata is inclued with each vuln (e.g. CVE number, date published, proof-of-concept code, and other links…). This project originates from the “Designer Vulnerabilities” list on shellsharks.com.
Keep up to date with the latest named vulnerabilities added to the catalog by subscribing via RSS!
Maintainer
Brought to you with by Shellsharks.
Contribute / Feedback
If you’d like to contribute, or you see something wrong in the data (very possible!) you can submit a PR for the project repo on Codeberg.
Otherwise, feel free to contact me, send me feedback, or contribute by sending me a message on the Fediverse or via email.
For submitting new vulnerabilities, consult the vulnerability template or peruse other existing vulnerability records on the repo.
License and Use
Vulnerability Garden © 2026 by Shellsharks is licensed under CC BY-SA 4.0
If you reference Vulnerability.Garden 🪴, or use the data here, I only ask that you give it proper attribution. Aside from that, feel free to use everything here as you wish.
Stats
Total Vulnerabilities: 851
Vulnerabilities w/ a CVE: 519 (60%)
Vulnerabilities w/o a CVE: 332 (39%)
Vulnerabilities w/ a logo: 233 (27%)
Vulnerabilities I added to the catalog on the same day they were published: 134 (15%)
Vulnerabilities (published) by Year:
| Year | Count |
|---|---|
| 1998 | 1 |
| 1999 | 1 |
| 2003 | 1 |
| 2006 | 1 |
| 2008 | 1 |
| 2009 | 4 |
| 2011 | 2 |
| 2012 | 2 |
| 2013 | 3 |
| 2014 | 19 |
| 2015 | 19 |
| 2016 | 28 |
| 2017 | 38 |
| 2018 | 40 |
| 2019 | 57 |
| 2020 | 72 |
| 2021 | 74 |
| 2022 | 104 |
| 2023 | 100 |
| 2024 | 124 |
| 2025 | 106 |
| 2026 | 54 |
Some thoughts on the year-by-year breakdown:
- Between 1998-2013 there wasn’t many named vulns. In 2014, and probably thanks to Heartbleed, Shellshock & POODLE, the named vulns trend really kicks off.
- The early years (2011-2016) was really a golden-age of named SSL/TLS-related bugs — BEAST, Alert, CRIME, Lucky Thirteen, BREACH, 3SHAKE, POODLE, CREAM, FREAK, Logjam, DROWN, Sweet31…
- In 2017, named-vulns-per-year started increasing rapidly. Thanks Shadow Brokers!
- From 2017 through 2022, we were seeing a year-over-year increase of like 20+ named vulns. It became the hip thing to do!
- 2022-2025 we see a bit of a plateau.
- 2026* is shaping up to be a big year (~150+!)
*Stay tuned to see what 2026 brings!
Other Links
Credits
Thanks to the following for their contributions….