This page will hopefully soon consist of many code review reports with proper description of project/version/architecture/possible flaws and security relevant patches.
As a start, I will add some packages which are common across a lot of Linux distributions and have been identified as a potential risk since they either run privileged or with network input. Feel free to add other OS's or move to another, separate, page. The intention is NOT to enumerate all possibly problematic packages such as editor-foo-bar.tgz but the core packages that are needed to setup minimal working desktop or server system.
For large packages, only per-subsystem status will likely make sense.