diff --git a/website/BUILD b/website/BUILD index ed860a3e1e..2fda0623bf 100644 --- a/website/BUILD +++ b/website/BUILD @@ -115,8 +115,10 @@ pkg_tar( "_config.yml", ":css", "//website/blog:index.html", + "//website/saves:index.html", "//website/users:index.html", ] + glob([ + "_data/**", "assets/**", "_includes/**", "_layouts/**", diff --git a/website/_data/saves.yml b/website/_data/saves.yml new file mode 100644 index 0000000000..ea482de71c --- /dev/null +++ b/website/_data/saves.yml 
@@ -0,0 +1,726 @@ +cves: + - date: "2016-01" + description: "A race condition in mm/gup.c allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2016-5195" + cvss: 7.2 + saved: true + - date: "2017-01" + description: "Insufficient data validation in waitid allowed an user to escape sandboxes on Linux." + risk: "Pod-to-guest escalation" + scope: "All Linux containers" + cve: "CVE-2017-5123" + cvss: null + saved: true + - date: "2020-09" + description: "Memory corruption in the Linux kernel packet socket (AF_PACKET) allows unprivileged processes to gain root privileges." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2020-14386" + cvss: 7.8 + saved: true + - date: "2021-05" + description: "A symlink-exchange race condition in runc allows container filesystem breakout via directory traversal." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2021-30465" + cvss: 8.5 + saved: false + vm_prevented: false + - date: "2021-07" + description: "An integer overflow in fs/seq_file.c buffer allocations leads to an out-of-bounds write and root privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2021-33909" + cvss: 7.8 + saved: true + - date: "2021-12" + description: "A use-after-free flaw in the Linux kernel cgroup v1 parser allows local privilege escalation and container breakout." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2021-4154" + cvss: 8.8 + saved: true + - date: "2022-01" + description: "A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service." 
+ risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2021-22600" + cvss: 7.8 + saved: true + - date: "2022-01" + description: "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-0185" + cvss: 7.8 + saved: true + - date: "2022-02" + description: "A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-0492" + cvss: 7.8 + saved: true + - date: "2022-04" + description: "A flaw was found in the way the 'flags' member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-0847" + cvss: 7.8 + saved: true + - date: "2022-04" + description: "A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-1055" + cvss: 7.8 + saved: true + - date: "2022-04" + description: "A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-27666" + cvss: 7.8 + saved: true + - date: "2022-06" + description: "Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root." 
+ risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-29581" + cvss: 7.8 + saved: true + - date: "2022-06" + description: "In the Linux kernel , fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-29582" + cvss: 7.0 + saved: true + - date: "2022-06" + description: "Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-1116" + cvss: 7.8 + saved: true + - date: "2022-06" + description: "A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-1786" + cvss: 7.8 + saved: true + - date: "2022-06" + description: "A speculative execution vulnerability (Retbleed) in modern microprocessors allows unprivileged attackers to leak kernel memory." + risk: "Cross-customer data leak" + scope: "AMD + Intel machines" + cve: "CVE-2022-29900" + cvss: 6.5 + saved: false + vm_prevented: false + - date: "2022-07" + description: "Io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-2327" + cvss: 7.8 + saved: true + - date: "2022-09" + description: "There exists a use-after-free in io_uring in the Linux kernel." + risk: "Pod-to-guest escalation with root privs" + scope: "All Linux VMs" + cve: "CVE-2022-3176" + cvss: 7.8 + saved: true + - date: "2022-09" + description: "In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free." 
+ risk: "Pod-to-guest escalation with root privs" + scope: "All Linux VMs" + cve: "CVE-2022-20409" + cvss: 7.8 + saved: true + - date: "2022-10" + description: "It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free." + risk: "Pod-to-guest escalation with root privs" + scope: "All Linux VMs" + cve: "CVE-2022-2585" + cvss: 7.8 + saved: true + - date: "2022-10" + description: "Io_uring UAF, Unix SCM garbage collection." + risk: "Pod-to-guest escalation with root privs" + scope: "All Linux VMs" + cve: "CVE-2022-2602" + cvss: 6.5 + saved: true + - date: "2022-12" + description: "Moby is an open-source project created by Docker to enable and accelerate software containerization." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-24769" + cvss: 6.5 + saved: true + - date: "2023-02" + description: "Privilege escalation in io_uring" + risk: "Pod-to-guest escalation with root privs" + scope: "All Linux VMs" + cve: "" + cvss: 7.8 + saved: true + - date: "2023-03" + description: "Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-1281" + cvss: 7.8 + saved: true + - date: "2023-10" + description: "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake." + risk: "Pod-to-guest escalation" + scope: "Container images using libcurl" + cve: "CVE-2023-38545" + cvss: 8.1 + saved: true + - date: "2023-10" + description: "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation." 
+ risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-4208" + cvss: 7.8 + saved: true + - date: "2023-10" + description: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-4015" + cvss: 7.8 + saved: true + - date: "2023-10" + description: "A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-4207" + cvss: 7.8 + saved: true + - date: "2023-10" + description: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-4623" + cvss: 7.8 + saved: true + - date: "2023-10" + description: "A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-4622" + cvss: 7.8 + saved: true + - date: "2023-10" + description: "A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-4206" + cvss: 7.8 + saved: true + - date: "2023-10" + description: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-4921" + cvss: 7.8 + saved: true + - date: "2023-10" + description: "A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID." 
+ risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-4147" + cvss: 7.8 + saved: true + - date: "2023-12" + description: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-6111" + cvss: 7.8 + saved: true + - date: "2023-12" + description: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation." + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-6817" + cvss: 7.8 + saved: true + - date: "2024-01" + description: "Runc is a CLI tool for spawning and running containers on Linux according to the OCI specification." + risk: "Pod-to-guest escalation" + scope: "All Linux containers" + cve: "CVE-2024-21626" + cvss: 8.2 + saved: true + - date: "2024-02" + description: "A use-after-free flaw was found in the netfilter subsystem of the Linux kernel." 
+ risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2024-0193" + cvss: 7.8 + saved: true + - date: "2024-02" + description: "Privilege escalation due to use-after-free in kernel TLS" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2024-26583" + cvss: 7.8 + saved: true + - date: "2024-02" + description: "Privilege escalation due to use-after-free in kernel TLS" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2024-26584" + cvss: 7.8 + saved: true + - date: "2024-02" + description: "Privilege escalation due to use-after-free in kernel TLS" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2024-26585" + cvss: 7.8 + saved: true + - date: "2024-02" + description: "Privilege escalation due to use-after-free in kernel TLS" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-52447" + cvss: 7.8 + saved: true + - date: "2024-02" + description: "Privilege escalation due to use-after-free in nf_tables" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2024-26581" + cvss: 7.0 + saved: true + - date: "2024-03" + description: "Privilege escalation due to anonymous set in nf_tables" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "" + cvss: 7.8 + saved: true + - date: "2024-03" + description: "Privilege escalation due to race condition in nf_tables" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "" + cvss: 7.8 + saved: true + - date: "2024-03" + description: "Privilege escalation due to use-after-free in nf_tables" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "" + cvss: 7.8 + saved: true + - date: "2024-03" + description: "Privilege escalation in nft_verdict_init" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "" + cvss: 7.8 + saved: true + - date: "2024-04" + description: "Unsafe Python Pickle deserialization of ML models" + risk: "Pod-to-guest escalation" + scope: "ML API 
endpoints" + cve: "" + cvss: 8.8 + saved: true + - date: "2024-04" + description: "Privilege escalations due to use-after-free in packet processing" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "" + cvss: 7.8 + saved: true + - date: "2024-05" + description: "Vulnerability in io_uring and SCM_RIGHTS" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "" + cvss: 7.8 + saved: true + - date: "2024-05" + description: "Privilege escalation in net/packet / nf_tables" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2024-26925" + cvss: 7.8 + saved: true + - date: "2024-05" + description: "Out-of-bounds access in eBPF verifier" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2022-23222" + cvss: 7.8 + saved: true + - date: "2024-05" + description: "Privilege escalation due to use-after-free in kernel TLS" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2024-26800" + cvss: 7.8 + saved: true + - date: "2024-06" + description: "Capabilities inheritance flaw in containerd 1.4" + risk: "Pod-to-guest escalation" + scope: "Containerd 1.4" + cve: "GHSA-c9cp-9c75-9v8c" + cvss: 7.5 + saved: true + - date: "2024-10" + description: "Use-after-free flaw in Qdisc" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2024-46800" + cvss: 7.8 + saved: true + - date: "2024-11" + description: "Bad handling of symlinks in malicious user-supplied image" + risk: "Arbitrary host file read" + scope: "OSS containers with GPU" + cve: "CVE-2024-0132" + cvss: 8.7 + saved: false + vm_prevented: true + - date: "2025-02" + description: "Privilege escalation in netfilters" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2024-53141" + cvss: 7.8 + saved: true + - date: "2025-03" + description: "Linux qdisc implementation flaw" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2024-53164" + cvss: 7.8 + saved: true + - date: "2025-03" + 
description: "Vsock privilege escalation" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-21756" + cvss: 7.8 + saved: true + - date: "2025-03" + description: "Privilege escalation in netfilter" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-52927" + cvss: 7.8 + saved: true + - date: "2025-04" + description: "Local privilege escalation in qdisc" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-21703" + cvss: 7.8 + saved: true + - date: "2025-04" + description: "Local privilege escalation in qdisc" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-21700" + cvss: 7.8 + saved: true + - date: "2025-05" + description: "io_uring ring mapped supplied buffers vulnerability" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-40364" + cvss: 7.8 + saved: true + - date: "2025-05" + description: "Local privilege escalation in qdisc" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-37798" + cvss: 7.8 + saved: true + - date: "2025-05" + description: "Local privilege escalation in qdisc" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-37797" + cvss: 7.8 + saved: true + - date: "2025-05" + description: "Local privilege escalation in qdisc" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-37752" + cvss: 7.8 + saved: true + - date: "2025-05" + description: "ctstate RELATED iptables rule flaw" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2023-52927" + cvss: 7.8 + saved: true + - date: "2025-05" + description: "Operations on net devices during unregister" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-21701" + cvss: 7.8 + saved: true + - date: "2025-06" + description: "Use-after-free in HFSC packet scheduling" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-38000" + cvss: 7.8 + saved: true + 
- date: "2025-06" + description: "Use-after-free in HFSC packet scheduling" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-38001" + cvss: 7.8 + saved: true + - date: "2025-06" + description: "Race in PRIO qdisc" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-38083" + cvss: 7.8 + saved: true + - date: "2025-07" + description: "Use-after-free in Qdisc" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-38350" + cvss: 7.8 + saved: true + - date: "2025-07" + description: "Use-after-free in QFQ scheduling" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-38477" + cvss: 7.8 + saved: true + - date: "2025-08" + description: "Use-after-free in xfrm interface" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-38500" + cvss: 7.8 + saved: true + - date: "2025-08" + description: "Use-after-free in net/packet" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-38617" + cvss: 7.8 + saved: true + - date: "2025-08" + description: "Use-after-free in vsock" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-38618" + cvss: 7.8 + saved: true + - date: "2025-08" + description: "Data corruption in Kernel TLS" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-38616" + cvss: 7.8 + saved: true + - date: "2025-10" + description: "Buffer overflow in Kernel TLS" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-39946" + cvss: 7.8 + saved: true + - date: "2025-10" + description: "Data race in AF_ALG socket" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-39964" + cvss: 7.8 + saved: true + - date: "2025-10" + description: "Data corruption in IPSec" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-39965" + cvss: 7.8 + saved: true + - date: "2025-10" + description: "Use-after-free in IP Virtual Server" + risk: 
"Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-40018" + cvss: 7.8 + saved: true + - date: "2025-10" + description: "Integer underflow in crypto" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-40019" + cvss: 7.8 + saved: true + - date: "2025-12" + description: "Data race in GC alive socket receiver queue" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-40214" + cvss: 7.8 + saved: true + - date: "2025-12" + description: "Data race deleting tunnel" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2025-40215" + cvss: 7.8 + saved: true + - date: "2026-02" + description: "NULL pointer dereference in authencesn" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2026-23060" + cvss: 7.8 + saved: true + - date: "2026-02" + description: "Use-after-free in teql" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2026-23074" + cvss: 7.8 + saved: true + - date: "2026-02" + description: "Use-after-free in nftables map" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2026-23111" + cvss: 7.8 + saved: true + - date: "2026-02" + description: "Use-after-free in macvlan" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2026-23209" + cvss: 7.8 + saved: true + - date: "2026-03" + description: "Use-after-free in nf_tables" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2026-23231" + cvss: 7.8 + saved: true + - date: "2026-03" + description: "Local privilege escalation in AppArmor" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "" + cvss: 7.8 + saved: true + - date: "2026-03" + description: "Read/write tenant data in shared GPU environments" + risk: "Local privilege escalation" + scope: "NVIDIA GPUs" + cve: "" + cvss: 8.2 + saved: false + vm_prevented: true + - date: "2026-03" + description: "Local privilege escalation in snap-confine and systemd-tmpfiles" + risk: 
"Pod-to-guest escalation" + scope: "Ubuntu VMs" + cve: "CVE-2026-3888" + cvss: 7.8 + saved: true + - date: "2026-03" + description: "Denial of Service due to cleanup failure in nf_tables" + risk: "Denial of Service" + scope: "All Linux VMs" + cve: "CVE-2026-23278" + cvss: 7.5 + saved: true + - date: "2026-03" + description: "Local Denial of Service in netfilter" + risk: "Denial of Service" + scope: "All Linux VMs" + cve: "CVE-2026-23351" + cvss: 7.5 + saved: true + - date: "2026-03" + description: "Use-after-free in af_unix GC" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2026-23394" + cvss: 7.8 + saved: true + - date: "2026-04" + description: "Use-after-free via race condition" + risk: "Denial of Service" + scope: "All Linux VMs" + cve: "CVE-2026-23240" + cvss: 9.8 + saved: true + - date: "2026-04" + description: "Use-after-free in netfilter" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2026-23392" + cvss: 7.8 + saved: true + - date: "2026-04" + description: "Use-after-free in IPv6 stack" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2026-31419" + cvss: 7.8 + saved: true + - date: "2026-04" + description: "Data structure mishandling in ipset" + risk: "Network policy bypass" + scope: "All Linux VMs" + cve: "CVE-2026-31418" + cvss: 7.5 + saved: true + - date: "2026-04" + description: "Use-after-free in packet_release via NETDEV_UP race" + risk: "Denial of Service" + scope: "All Linux VMs" + cve: "CVE-2026-31504" + cvss: 7.5 + saved: true + - date: "2026-04" + description: "Use-after-free in tls_do_encryption" + risk: "Denial of Service" + scope: "All Linux VMs" + cve: "CVE-2026-31533" + cvss: 7.5 + saved: true + - date: "2026-04" + description: "Chained attack in AF_ALG + splice syscall" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "CVE-2026-31431" + cvss: 7.8 + saved: true + - date: "2026-05" + description: "Linux bonding device vulnerability leading to container 
escape" + risk: "Pod-to-guest escalation" + scope: "All Linux VMs" + cve: "" + cvss: 7.8 + saved: true diff --git a/website/_includes/footer-links.html b/website/_includes/footer-links.html index 92612f0265..1dc92665ed 100644 --- a/website/_includes/footer-links.html +++ b/website/_includes/footer-links.html @@ -6,6 +6,7 @@
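Review bot: `CVE-2023-52927` is listed twice, once under `date: "2025-03"` as "Privilege escalation in netfilter" and again under `date: "2025-05"` as "ctstate RELATED iptables rule flaw", so the same advisory is counted twice in the per-year totals; one of the two entries should be dropped or given its correct identifier. Several `description` values are the advisory's product boilerplate rather than the flaw (`CVE-2022-24769`: "Moby is an open-source project created by Docker...", `CVE-2024-21626`: "Runc is a CLI tool for spawning and running containers..."), which tells a reader nothing about what was defended; a one-line summary of the defect would match the rest of the file. The meaning of `date` is undocumented and does not track the CVE year (`CVE-2022-23222` sits under `2024-05`, `CVE-2023-52447` under `2024-02`), yet it is what the year chart groups on; if it is the bulletin date, a header comment such as `# date: YYYY-MM of the GKE security bulletin that listed the issue, not the CVE publication date` would remove the ambiguity. The `cve` field also carries a GHSA id (`GHSA-c9cp-9c75-9v8c`), which is fine for display but worth noting in the same header comment in case anything builds a CVE-specific URL from `item.cve`.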
  • Roadmap
  • Contributing
  • Security
  • +
  • Security Saves
  • Governance
  • Privacy Policy
  • diff --git a/website/_includes/header-links.html b/website/_includes/header-links.html index 6e1bf9b222..d0f23dda9d 100644 --- a/website/_includes/header-links.html +++ b/website/_includes/header-links.html @@ -12,6 +12,7 @@
  • Documentation
  • Blog
  • Users
  • +
  • Security
  • Community
  • GitHub
  • diff --git a/website/saves/BUILD b/website/saves/BUILD new file mode 100644 index 0000000000..a69c3bded8 --- /dev/null +++ b/website/saves/BUILD @@ -0,0 +1,7 @@ +package( + default_applicable_licenses = ["//:license"], + default_visibility = ["//website:__pkg__"], + licenses = ["notice"], +) + +exports_files(["index.html"]) diff --git a/website/saves/index.html b/website/saves/index.html new file mode 100644 index 0000000000..0ce5995098 --- /dev/null +++ b/website/saves/index.html @@ -0,0 +1,216 @@ +--- +title: Security Record +layout: base +--- + +
    +
    +

    gVisor Security Record

    + + + +
    +
    +
    +
    +

    Vulnerabilities Defended by Year

    +

    An overview of high-impact Linux kernel vulnerabilities mitigated by gVisor over time.

    +
    +
    +
    + + Defended +
    +
    + + Unmitigated +
    +
    +
    +
    +
    +
    + {% assign valid_cves = site.data.saves.cves | where_exp: "item", "item.cve != nil and item.cve != ''" %} + {% assign grouped_cves = valid_cves | group_by_exp: "item", "item.date | slice: 0, 4" %} + {% for group in grouped_cves %} + {% assign total = group.items | size %} + {% assign saved_count = 0 %} + {% assign unsaved_count = 0 %} + {% for item in group.items %} + {% if item.saved %} + {% assign saved_count = saved_count | plus: 1 %} + {% else %} + {% assign unsaved_count = unsaved_count | plus: 1 %} + {% endif %} + {% endfor %} + {% assign total_percentage = total | times: 100.0 | divided_by: 20.0 %} + {% assign saved_ratio = saved_count | times: 100.0 | divided_by: total %} + {% assign unsaved_ratio = unsaved_count | times: 100.0 | divided_by: total %} +
    +
    {{ saved_count }}/{{ total }}
    +
    +
    +
    +
    +
    {{ group.name }}
    +
    + {% endfor %} +
    +
    +
    + + + +

    Vulnerability Defense Database

    +
    +

    + This curated record is not a comprehensive list of all vulnerabilities, but focuses on high-impact CVEs relevant to production Kubernetes environments, specifically tracking critical threats highlighted in official Google Kubernetes Engine (GKE) security bulletins. +

    + + + + + +
    + {% for group in grouped_cves %} +
    +
    + {% assign quarter_groups = group.items | group_by_exp: "item", "item.date | slice: 5, 2 | plus: 2 | divided_by: 3 | prepend: 'Q'" %} + {% for q_group in quarter_groups %} +
    + +
    +
    + {% for item in q_group.items %} +
    +
    +
    + + {{ item.cve }} + +
    +
    + {% if item.saved %} + Defended + {% else %} + Unmitigated + {% endif %} +
    +
    +
    +
    +
    Vulnerability Overview & Impact
    +

    {{ item.description }}

    + {% if item.saved == false and item.vm_prevented != nil %} +
    VM Runtime Prevented: {% if item.vm_prevented %}Yes{% else %}No{% endif %}
    + {% endif %} +
    +
    +
    Escalation Vector: {{ item.risk }}
    +
    Target Ecosystem Scope: {{ item.scope }}
    +
    +
    +
    + {% endfor %} +
    +
    +
    + {% endfor %} +
    +
    + {% endfor %} +
    +
    +
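Review bot: `{% assign total_percentage = total | times: 100.0 | divided_by: 20.0 %}` hard-codes 20 as the chart's full-scale count, but the 2025 group in the new `_data/saves.yml` already has 28 entries with a CVE id, so that year evaluates to 140; if the value sets the bar height, as its name suggests, the bar overflows its container. Either derive the scale from the largest group in a first pass over `grouped_cves`, or at least clamp it, `{% assign total_percentage = total | times: 100.0 | divided_by: 20.0 | at_most: 100.0 %}`. The `where_exp` filter on the first line of the Liquid block also drops every entry whose `cve` is the empty string, which is eleven of the new records (the 2023-02 io_uring entry, the four 2024-03 nf_tables entries, the 2024-04 pickle and packet-processing entries, the 2024-05 io_uring/SCM_RIGHTS entry, the 2026-03 AppArmor and NVIDIA GPU entries, and the 2026-05 bonding entry), including the only 2026 `saved: false` record, so both the year chart and the database under-report without any indication. If that is deliberate, say so in a comment above the assign; otherwise keep the full list and guard only the identifier link, e.g. `{% if item.cve != '' %}...{% endif %}` around `{{ item.cve }}`, falling back to the description as the heading. The intro copy `An overview of high-impact Linux kernel vulnerabilities mitigated by gVisor over time.` also undersells the data, which includes runc, containerd, curl and ML-model entries.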