🤖 AI Dev Tools

Open Source Vulnerabilities Plateau in 2025: New Threats Surge Despite Fewer Alerts

GitHub reviewed just 4,101 advisories in 2025, the lowest since 2021. Don't pop the champagne—new vulnerabilities jumped 19%, and npm malware spiked 69%.

DevTools Feed Apr 02, 2026 4 min read

⚡ Key Takeaways

Reviewed advisories hit 4,101 in 2025 (lowest since 2021), but new vulnerabilities rose 19%.
CWE-79 (XSS) still #1; resource exhaustion and deserialization climbed fast.
npm malware advisories up 69%; Go ecosystem overrepresented by 6%.

Published by

DevTools Feed

Ship faster. Build smarter.

#CVE trends 2025 #CVEs 2025 #GitHub Advisory Database #npm malware #open source vulnerabilities #open source vulnerability trends

Worth sharing?

Get the best Developer Tools stories of the week in your inbox — no noise, no spam.

Originally reported by GitHub Blog

⚡ Key Takeaways

The 60-Second TL;DR

DevTools Feed

Share this article

Worth sharing?

Related Stories

rs-trafilatura + Firecrawl: The Web Scraping Duo That Thinks Like a Journalist

Ditch the API: Test AI Agent Frontends with Real Streams

Rust-Powered rs-trafilatura Supercharges Crawl4AI: 0.910 F1 on Benchmarks

AssemblyAI's 307ms Latency Smokes Agora's STT — Here's the Bot That Proves It

Stay in the loop