June 22, 2023
Open source code is a vital part of modern development. It lets developers extend their application's functionality while reducing overall development time. However, the system isn't perfect. The nature of third-party software and its dependencies often creates opportunities for security vulnerabilities to lurk in libraries and downloads.
To concentrate on repositories with a possible impact, the research filtered repositories by star count and particular keywords. In total, 11,900 repositories were examined, and 1,229,601 vulnerabilities in 15,584 vulnerable dependency files were found.
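The approach above comes down to reading each repository's dependency files and matching the pinned versions against known advisories. The following Python script is an added example, not the report's tooling: it parses a constructed requirements.txt, checks exact pins against a small constructed advisory list, and tallies findings by severity the way the report does. Every package name, version and advisory in it is made up for the demo.

```python
"""Minimal dependency-file vulnerability check (added example; constructed data only)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str          # first vulnerable version (inclusive)
    fixed: Optional[str]     # first fixed version (exclusive); None if no fix yet
    severity: str
    summary: str


# Constructed advisory records for the demo; these are not real CVEs.
ADVISORIES: List[Advisory] = [
    Advisory("examplelib", "1.0.0", "1.4.2", "High", "deserialization of untrusted data (constructed)"),
    Advisory("otherpkg", "0.0.0", "2.1.0", "Critical", "remote code execution (constructed)"),
]

# Constructed requirements.txt content, including a comment, a range and an environment marker.
SAMPLE_REQUIREMENTS = """\
# application dependencies (constructed sample)
examplelib==1.3.0
otherpkg>=2.1.0
safepkg==3.0.1
examplelib==1.4.2 ; python_version < '3.8'
"""

PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=)\s*([0-9][0-9A-Za-z.\-+]*)$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.10.0' into (1, 10, 0) so comparisons are numeric, not lexical."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-+]", version))


def parse_requirements(text: str) -> List[Tuple[str, str, str]]:
    """Return (name, operator, version) for each requirement line; comments, blanks and markers are stripped."""
    pins = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        match = PIN_RE.match(line)
        if match:
            pins.append((match.group(1).lower(), match.group(2), match.group(3)))
    return pins


def is_vulnerable(version: str, adv: Advisory) -> bool:
    """True when introduced <= version < fixed (or version >= introduced with no fix)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed is not None and v >= parse_version(adv.fixed):
        return False
    return True


def scan(text: str, advisories: List[Advisory] = ADVISORIES) -> List[Dict[str, str]]:
    """Match pins against advisories. Only '==' pins can be judged; ranges are reported as unresolved
    because the installed version is only known once a lock file resolves them."""
    findings = []
    for name, op, version in parse_requirements(text):
        for adv in advisories:
            if adv.package != name:
                continue
            if op != "==":
                findings.append({"package": name, "version": f"{op}{version}",
                                 "severity": "Unknown", "note": "range, not pinned; resolve lock file first"})
            elif is_vulnerable(version, adv):
                findings.append({"package": name, "version": version,
                                 "severity": adv.severity, "note": adv.summary})
    return findings


def severity_counts(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Tally findings per severity, the figure the report breaks out as High/Critical."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan(SAMPLE_REQUIREMENTS)
    for f in results:
        print(f"{f['severity']:<9} {f['package']}=={f['version']}  {f['note']}")
    print(severity_counts(results))
```

The pinned `examplelib==1.3.0` is flagged as High, the `examplelib==1.4.2` pin sits at the fixed version and is clean, and the `otherpkg>=2.1.0` range is surfaced as unresolved rather than silently marked safe; at scale, that unresolved bucket is exactly where a lock file must be consulted before a repository is counted as vulnerable or not.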
Deserialization of Untrusted Data was the most prevalent vulnerability type, with a whopping 130,831 occurrences in Java repositories, making it 40 per cent of the total vulnerabilities identified.
Of the 72,082 vulnerabilities found in the 2,602 dependency files of Python repositories, 16,590 were High or Critical.
Last but not least, in Ruby repositories, 50% of the vulnerabilities fall into the Critical or High categories.
The study also highlights the top ten researchers who reported the most vulnerabilities.
Download the report today to learn more about the approach, methodology, and results of this exciting study with RedHunt Labs.