Surge in Open-Source Vulnerabilities in Commercial Codebases

Surge in Open-Source Vulnerabilities in Commercial Codebases

First seen 26 Feb 2026, 15:13 UTC Feeds2.FeedburnerScworld 91% similarity 47.3

Article Content

Browse articles
ThreatCluster

The 2026 Open Source Security and Risk Analysis report by Black Duck reveals a 107% increase in open-source vulnerabilities in commercial codebases from 2023 to 2024. The average number of vulnerabilities per codebase rose from 280 to 581, driven by a 74% increase in codebase size and a 30% rise in open-source components. Nearly all audited codebases now contain open-source components, heightening security exposure.

ThreatCluster AI

Timeline

2020-04-29
CVE-2020-11023 published
2020-04-29
CVE-2020-11022 published
2024-01-01
Average vulnerabilities per codebase increased from 280 to 581
2024-01-01
Average number of files per codebase increased by 74%
2024-01-01
Average number of open-source components increased by 30%
2026-02-26
Black Duck's 2026 OSSRA report published

Community

Browse all →