It makes for pretty interesting reading. There are 211 exploits on the list, with 117 of them described as confirmed 0day.
You can find the list here.
As far as Risky.Biz is aware, these guys do not contact vendors and give them details on 0day they acquire. While to most that would seem the right thing to do, it's directly opposed to InteVyDis' commercial interests.
A fixed bug is a dead bug. Why slash the value of your own product?
We would love to hear from readers on this in the forums. Do you think a business model that involves selling 0day without notifying vendors is inherently immoral?