web3 reports can be found at solodit.xyz and code4rena.com/reports
Note: This list to filter for only vulns that have a github link to source code (//github.com/path/to/file#L) or potential writeup.