This are the public security advisories that I already found:

2016

• OLX Stored XSS
• Microsoft Office 365 Reflected File Download
• Flash XSS on typewrite_header.swf
• Adobe Reflected XSS

2015

• Google Finance Reflected File Download
• Bing Reflected File Download
• Wikiloc XXE vulnerability
• MailChimp Reflected File Download
• Multiple vulns on mTouch Quiz WordPress plugin
• Workable Reflected File Download
• DepositFiles ZeroClipboard.swf XSS
• Bytes That Rock voting manipulation
• Edmodo XSS and HTML Injection
• SendGrid Reflected File Download
• Events Made Easy WordPress Plugin CSRF + Persistent XSS
• Komento Joomla! component Persistent XSS
• Shopify opened to a RFD attack
• Acunetix got RFDed!
• OWASP ZAP XXE vulnerability
• Linkedin Reflected Filename Download
• DOM XSS in all Condé Nast sites network
• Google Reflected Filename Download
• ArubaNetworks Avatar Image XSPA
• Desk.com Reflected Filename Download
• Open Redirect and Reflected XSS on 123ContactForm
• DOM XSS on Nexmo Blog NXWP
• DOM XSS on Nexmo Blog
• Full Path Disclosure on Nexmo
• How I hacked a HP printer
• Reflected Filename Download on Google
• GitHub Username and Email Enumeration and RFD
• Instagram Reflected Filename Download
• Kaspersky Social Sharing WordPress Plugin RFD
• Trello Username Enumeration Vulnerability
• Facebook RFD: The final chapter
• Facebook RFD and Open File Upload
• Trello Reflected Filename Download
• Open Redirect in Yahoo Store

2014 to 2012

• phpList CSRF on subscription page
• My ad on your OLX favourites – CSRF style
• 3 Open Redirect on Google
• How it was possible to run a XSS worm on RunKeeper
• How a salesman could hack Prestashop
• Tumblr got DOM XSSed
• Gizmodo, Lifehacker, Gawker – reflected DOM XSS
• Mashable DOM XSS
• ESET and Symantec victims of vulnerable JW Player
• Vulnerable JW Player on two Yahoo sites
• Dowjones.com DOM XSS
• Prestashop persistent XSS and CSRF vulnerability
• Issuu DOM XSS
• Microsoft Pinpoint vulnerable to DOM XSS
• Jobs.cz XSS vulnerability
• IDG Now! vulnerable to reflected XSS
• phpMyAdmin XSS
• XSS on FCKeditor
• Alexa reflected DOM XSS
• McAfee DOM XSS
• DOM XSS vulnerabilities on Booking.com
• eBay XSS vulnerability
• Disable Blogger.com toolbar
• Kaspersky DOM XSS
• AVG vulnerable to DOM XSS
• Panda Security vulnerable to DOM XSS
• Google Orkut HTML limitations bypass
• PrestaShop <= 1.5.1 Persistent XSS
• Hootsuite labels XSS

2012 to 2003

• IXXO Cart Products “parent” SQL Injection Vulnerability
• Zoki Catalog “search_text” SQL Injection Vulnerability
• EasyRealtorPRO Multiple SQL Injection Vulnerabilities
• phpAdultSite CMS SQL Injection And Cross-Site Scripting
• SamTodo “tid” and “completed” Cross-Site Scripting Vulnerabilities
• ACG News Multiple SQL Injection Vulnerabilities
• Arcadem “loadpage” File Inclusion Vulnerability
• LineShout Two Script Insertion Vulnerabilities
• MidiCart ASP Item_Show.ASP Code_No Parameter SQL Injection Vulnerability
• Mall23 eCommerce “idOption_Dropdown_2” SQL Injection Vulnerability
• Comdev eCommerce Cross-Site Scripting Vulnerabilities
• MPM Guestbook Pro “header” File Inclusion Vulnerability
• SunShop Shopping Cart Cross-Site Scripting Vulnerability
• VoteBox “VoteBoxPath” File Inclusion Vulnerability
• MX Shop Index.PHP Multiple SQL Injection Vulnerabilities
• e107 “Login Name/Author” Script Insertion Vulnerability
•  iG FREE Shopping Cart “type_id” Parameter Input Validation Error
• Online Store Kit SQL Injection and Cross Site Scripting Vulnerability
• phpWebSite SQL Injection Vulnerabilities
• JShop Server Cross Site Scripting Vulnerability
• Mambo “Itemid” Parameter Cross-Site Scripting Vulnerability
• Private Message System Cross-Site Scripting Vulnerability
• My Little Forum Cross-Site Scripting Vulnerabilities