web3 reports can be found at solodit.xyz and code4rena.com/reports
web2 reports sources: hackerone reports by tag, pentester.land/writeups
Note: This list to filter for only vulns that have a github link to source code (//github.com/path/to/file#L