This is a pretty interesting web-site: It contains Google quiries looking for vulnerabilities in publicly available source code. The list however is still rather short but I could think that this will be growing:

http://www.cipher.org.uk/index.php?p=projects/bugle.project

Roger