NIST has published a fantastic project (its been out since late December, but I only just became aware of it) where they've created vulnerable code test cases for much of MITRE's CWE project in Java and c/c++. From the README
"This archive contains test cases intended for use by organizations and
individuals that wish to study software assurance tools, such as static
source code and binary analysis tools.
What are test cases?
Test cases are pieces of buildable code that can be used to study software
assurance tools. A test case targets exactly one type of flaw, but other,
unrelated flaws may be incidentally present. For example, the test case
"CWE476_NULL_Pointer_Dereference__String_01" targets only a NULL Pointer
Dereference flaw. In addition to the construct containing the target flaw,
each test case contains one or more non-flawed constructs that perform a
function similar to the flawed construct.
A test case may be contained entirely in one source code file or may be split
between multiple files. " - NIST
If you're new to software security and wish to learn what vulnerabilities in code look like, this is a great central repository to get started with.
Project Page: http://samate.nist.gov/SRD/testsuite.php
Java Direct Download: http://samate.nist.gov/SRD/testCases/suites/Juliet-2010-12.java.zip
C/C++ Direct Download: http://samate.nist.gov/SRD/testCases/suites/Juliet-2010-12.c.cpp.zip