http://www.foxitsoftware.com/Secure_PDF_Reader/security_bull...
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apple+coregr...
no vulnerabilities in 2012, one in 2011 and two in 2010.
CVE is public and collects both patched and unpatched known vulnerabilities reported by vendors and independent parties.