{"id":33805,"date":"2020-03-13T07:05:12","date_gmt":"2020-03-13T07:05:12","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/open-source-bug-bonanza-vulnerabilities-up-almost-50-per-cent-thanks-to-people-actually-looking-for-them\/"},"modified":"2020-03-13T07:05:12","modified_gmt":"2020-03-13T07:05:12","slug":"open-source-bug-bonanza-vulnerabilities-up-almost-50-per-cent-thanks-to-people-actually-looking-for-them","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/open-source-bug-bonanza-vulnerabilities-up-almost-50-per-cent-thanks-to-people-actually-looking-for-them\/","title":{"rendered":"Open-source bug bonanza: Vulnerabilities up almost 50 per cent thanks to people actually looking for them"},"content":{"rendered":"<p>The number of vulnerabilities in open source projects surged almost 50 per cent in 2019, according to security biz WhiteSource, which can be seen as good news in the sense that you don&#8217;t find what you&#8217;re not looking for.<\/p>\n<p>In its <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.whitesourcesoftware.com\/open-source-vulnerability-management-report\/\">annual vulnerability report<\/a>, the biz attributes the growing vulnerability count to increased awareness of open source security. 
That&#8217;s a consequence of widespread adoption of open source components and the overall growth of the community in recent years, not to mention media attention to data exposure.<\/p>\n<p>In other words, the bugs were always there but they&#8217;re more visible because we&#8217;re paying closer attention.<\/p>\n<p>Over 6,000 open source vulnerabilities were reported last year, up from just over 4,000.<\/p>\n<p>&#8220;No code is perfect and there are always vulnerabilities that can be found,&#8221; said Rami Sass, CEO and co-founder of WhiteSource, in an email to <em>The Register<\/em>.<\/p>\n<p>&#8220;The problem with open source vulnerabilities is that, like everything in the open source community, once something is reported all the information is public and every beginner hacker can learn the vulnerability and its exploitation and then execute it on a large number of applications.&#8221;<\/p>\n<p>On the plus side, 85 per cent of these vulnerabilities get disclosed with a fix, a good sign for responsible disclosure.<\/p>\n<p>But community awareness of vulnerabilities has not translated into effective communication about them. Only 84 per cent of known open source vulnerabilities eventually show up on the National Vulnerability Database (NVD), and often after some delays.<\/p>\n<p>And when vulnerabilities get reported outside the NVD, only 29 per cent eventually get published there, according to WhiteSource&#8217;s figures. 
That means vulnerability information may not be easy to find and fewer flaws are likely to get fixed in a timely manner.<\/p>\n<p>Nonetheless, WhiteSource credits community-focused initiatives like GitHub&#8217;s Security Lab with helping security researchers, project maintainers, and software users report issues and centralize information more easily.<\/p>\n<p>The survey also looked at the number of open source project vulnerabilities by programming language and how those numbers have changed over time.<\/p>\n<table cellpadding=\"2\">\n<tr>\n<th>Language<\/th>\n<th>2009-2018<\/th>\n<th>2019<\/th>\n<\/tr>\n<tr>\n<td>C<\/td>\n<td>47%<\/td>\n<td>30%<\/td>\n<\/tr>\n<tr>\n<td>C#<\/td>\n<td>6%<\/td>\n<td>9%<\/td>\n<\/tr>\n<tr>\n<td>Java<\/td>\n<td>11%<\/td>\n<td>15%<\/td>\n<\/tr>\n<tr>\n<td>JavaScript<\/td>\n<td>10%<\/td>\n<td>10%<\/td>\n<\/tr>\n<tr>\n<td>PHP<\/td>\n<td>15%<\/td>\n<td>27%<\/td>\n<\/tr>\n<tr>\n<td>Python<\/td>\n<td>6%<\/td>\n<td>5%<\/td>\n<\/tr>\n<tr>\n<td>Ruby<\/td>\n<td>5%<\/td>\n<td>4%<\/td>\n<\/tr>\n<\/table>\n<p>WhiteSource says C still has the highest percentage of vulnerabilities because it&#8217;s the most popular language in terms of lines of code, but has trended downward as other languages have become more popular.<\/p>\n<p>The report notes, however, that &#8220;PHP\u2019s relative number of vulnerabilities has risen significantly, while there\u2019s no indication of the same rise in popularity.&#8221;<\/p>\n<p>Python meanwhile has managed to have a low percentage of vulnerabilities with high popularity. 
&#8220;Hopefully, this is a result of secure coding practices and not lax security research for Python projects,&#8221; the report says.<\/p>\n<p>The most common Common Weakness Enumerations (CWEs) for 2019 were:<\/p>\n<table cellpadding=\"2\">\n<tbody readability=\"1\">\n<tr>\n<td>CWE-79<\/td>\n<td>Cross-Site Scripting<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CWE-20<\/td>\n<td>Improper Input Validation<\/td>\n<\/tr>\n<tr>\n<td>CWE-119<\/td>\n<td>Buffer Errors<\/td>\n<\/tr>\n<tr>\n<td>CWE-125<\/td>\n<td>Out-of-bounds Read<\/td>\n<\/tr>\n<tr>\n<td>CWE-200<\/td>\n<td>Information Exposure<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>When analyzed by programming language, the top three for all but C were:<\/p>\n<table cellpadding=\"2\">\n<tbody readability=\"1\">\n<tr>\n<td>CWE-79<\/td>\n<td>Cross-Site Scripting<\/td>\n<\/tr>\n<tr>\n<td>CWE-200<\/td>\n<td>Information Exposure<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>CWE-20<\/td>\n<td>Improper Input Validation<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>WhiteSource attributes the commonality of these flaws across languages to the use of automated scanning tools that know how to find these specific issues. Also, the firm notes that Information Exposure is just a general issue across languages.<\/p>\n<p>&#8220;CWE-79 (cross site scripting) is one of the easiest vulnerabilities to exploit for attackers, since there are many automated tools which make it approachable even for a &#8216;rookie&#8217; hacker,&#8221; said Sass, noting that CWE represents a category rather than a specific flaw.<\/p>\n<p>&#8220;Following the huge usage growth in the open source community, attackers are starting to see the potential in exploiting open source vulnerabilities. CWE-79 vulnerabilities are the go-to vulnerability for an easy and effortless hack. Taking this in mind, it\u2019s quite logical that this massive increase occurred.&#8221;<\/p>\n<p>With a rising number of vulnerability reports, development teams benefit from being able to prioritize the fixing of critical bugs before looking at less severe ones. That has become more complicated, thanks to changes in the way the Common Vulnerability Scoring System (CVSS) rates the severity of flaws.<\/p>\n<p>CVSSv2 debuted in June 2007 and CVSSv3 appeared in June 2015, with CVSSv3.1 showing up in June 2019. Each offers a slightly different definition of what constitutes a high severity vulnerability.<\/p>\n<p>According to WhiteSource, the biggest change came with the shift from v2 to v3, which redefined a 7.6 severity bug (out of 10) under v2 as a 9.8 bug under v3.<\/p>\n<p>Under v3.1, the severity distribution is not a normal distribution, WhiteSource contends, with 17 per cent of vulnerabilities being critical and only 2 per cent rated low.<\/p>\n<p>That means more than half of rated bugs are either critical or high-severity, which makes it difficult to prioritize when pretty much everything should be fixed right away.<\/p>\n<p>&#8220;As the number of reported vulnerabilities increases, the urgency to patch those vulnerabilities rises,&#8221; said Sass. 
&#8220;However, development teams are struggling to keep up with the pace.&#8221; \u00ae<\/p>\n<p>READ MORE <a href=\"https:\/\/go.theregister.co.uk\/feed\/www.theregister.co.uk\/2020\/03\/13\/open_source_bugs\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Can&#8217;t fix flaws if you don&#8217;t look for them The number of vulnerabilities in open source projects surged almost 50 per cent in 2019, according to security biz WhiteSource, which can be seen as good news in the sense that you don&#8217;t find what you&#8217;re not looking for.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":33806,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-33805","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/33805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=33805"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/33805\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/33806"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=33805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=33805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=33805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}