What caused the drop in GitHub advisories for 2025?

Mostly clearing old, irrelevant vulns—new ones rose 19%.

Why is CWE-79 still king in open source vulns?

XSS everywhere; web apps gonna web.

How bad is npm malware in 2025?

69% jump from campaigns like SHA1-Hulud—scan ruthlessly.

Open Source Vulnerabilities Hit Four-Year Low in 2025: Backlog Cleared, But New Threats Surge

GitHub reviewed just 4,101 open source advisories in 2025—the fewest since 2021. But don't pop the champagne; new vulnerabilities jumped 19%, signaling no safety net yet.

theAIcatchup Apr 07, 2026 3 min read 18 views

Line chart showing decline in GitHub reviewed open source advisories from 2021-2025 with new vuln spike

⚡ Key Takeaways

Reviewed advisories hit 4-year low at 4,101, but new vulns up 19% YoY. 𝕏
CWE shifts: Resource exhaustion and SSRF surged; tagging improved 85%. 𝕏
npm malware spiked 69%; prioritize EPSS + CVSS for real threats. 𝕏

Published by

theAIcatchup

Community-driven. Code-first.

#CVE 2025 #CWE trends #GitHub advisories

Worth sharing?

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by GitHub Blog

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

React Server Components' Perfect-Score RCE Flaw Exposes Millions of Apps

Anthropic's One-Line Fumble Leaks Billions in Code

Math.random() Bombs Your Next Security Audit

Ethical Hacking's Gold Rush: Skills Shortage Hits $10 Trillion Mark

Stay in the loop