Security vendor Eeye has launched a website where the company is publishing an overview of unpatched or so-called 0-day software vulnerabilities that attackers are actively exploiting.

The company feels that publication of the information is needed now that attackers are increasingly expanding their focus beyond Microsoft software, making it harder for organizations and individuals to remain up to date about the latest security threats.

"This allows people to understand what 0-day exploits are out the," Marc Maiffret, Eeye's chief technology officer told vnunet.com. "Part of it is also that we want to put pressure on vendors so they patch the 0-days."

Even if a vendor hasn't yet made a patch available for a vulnerability, users can often protect themselves by using workarounds, he added.

The website currently lists seven security holes that attackers are targeting. Except for one vulnerability in Adobe ActiveX, all the listed flaws affect Microsoft applications.

The data on the website is gathered from security mailing lists and public forums that are frequented by security researchers.

Roger Thompson, chief technology officer with Exploit Prevention Labs, another security vendor, applauded the initiative.

"There are over 300 vulnerabilities that get revealed every month. Only one of them is typically [exploited]. It's easy to loose track of the ones that are being used and which aren't," Thompson told vnunet.com.

But the website could also increase the exposure of unpatched vulnerabilities, effectively creating a one-stop-stop for so-called script-kiddies and other unsophisticated malware authors.