The threats are posted on the ZDI portal, which was created last year. During this time the program has dealt with threats for products from Microsoft applications, Mozilla, Symantec, Novell, Adobe and Apple. Until a patch is released, the TippingPoint Research Team (TSRT) keeps threat details confidential to avoid exploitation by hackers.

TippingPoint director of security research, David Endler said although the TSRT remove technical details from published pending threats, responsibility lies with the vendor in reporting and evaluation.

"Many of these vulnerabilities are still unresolved after six months or more after initial reporting; responsible disclosure only works well when the affected product vendor makes a concerted effort to evaluate and address a reported flaw," Endler said.

"As long as a zero day issue remains unresolved, the danger increases to that affected vendor's customer base; we hold the vendor community accountable to the same standards that they expect from the security research community.

"Over the past year, the most resounding suggestion from our ZDI researchers was to add more transparency to our program by publishing the pipeline of vendors with pending zero day vulnerabilities."