Open Source Vulnerabilities Plateau in 2025: New Threats Surge Despite Fewer Alerts

GitHub reviewed just 4,101 advisories in 2025, the lowest since 2021. Don't pop the champagne—new vulnerabilities jumped 19%, and npm malware spiked 69%.

[Figure: line chart of open source vulnerability advisories, 2021 to 2025, with CWE rankings inset]

⚡ Key Takeaways

  • Reviewed advisories hit 4,101 in 2025 (lowest since 2021), but new vulnerabilities rose 19%.
  • CWE-79 (cross-site scripting) still #1; resource exhaustion and deserialization climbed fast.
  • npm malware advisories up 69%; Go ecosystem overrepresented by 6%.

Written by James Kowalski, investigative tech reporter focused on AI ethics, regulation, and societal impact.

Originally reported by GitHub Blog
