Found this neat page by eEye Digital Security which keeps track of 0-days.

This page documents active vulnerabilities that vendors have not patched, how long the community has been exposed to each vulnerability, its severity, and more. In the rising sea of vulnerabilities, knowing which serious flaws have received little or no attention is key when gauging what you should or shouldn't allow in your network and on your operating systems.

http://research.eeye.com/html/alerts/zeroday/index.html