I wouldn't expect such a list to exist since I can't imagine anyone wanting to be curating such a list. And I don't expect any vendor of a network appliance to want to be in a public facing role of testing every new exploit framework payload with all available evasion techniques tried against an existing product... as it'd be a depressing task. I have to imagine vendors clueful enough to be doing such self efficacy testing would want to keep that sausage making process behind the factory door. Going public with the results of such when no other vendors are doing so would just lead to competitive disadvantage.
That all said though, one of the biggest bangs web gateway can do for ya that doesn't involve anti-malware... if you can get buy in, block all Java filetypes, extensions, and user agents at the gateway except for a whitelist of sites your business has a legit business need to access java component from.