| Oracle Patch | Highest Version Affected | RIA Vuln Count | CVSS >= 7.0 | Cumulative CVSS >= 7.0 |
This information was extracted from Oracle's Critical Patch Updates, Security Alerts and Third Party Bulletin web site.
Using the "April 2013" row as an example, the above reads:
In April 2013 Oracle released a patch for JRE versions 7 update 17 and below. The patch fixed 40 RIA* vulnerabilities, of which 28 were rated High risk (CVSS >= 7.0). If your current version of the JRE is 7u17, then it's vulnerable to 82 High risk RIA vulnerabilities that would be mitigated with the latest patch.
*Where RIA means Rich Internet Application and refers to Java Applets and Web Start Applications. Vulnerabilities in RIAs are commonly exploited by phishing email attacks, drive-by-downloads, watering hole attacks, malvertising (i.e. attacks via advertisement networks), etc.
The vulnerability count corresponds to CVE IDs for known vulnerabilities; however, that doesn't mean that each of the vulnerabilities has a known exploit. If I had a good source of exploit information I would include those numbers as well. You should assume a significant proportion of the vulnerabilities have known exploits.