OSS Libraries
Open source libraries, frameworks, and package ecosystems
generic-library (138) · web-framework (84) · go (10) · npm (6) · pypi (6) · crates-io (2) · packagist (2) · maven (1) · rubygems (1) · nuget · hex · pub
Cumulative CVEs: 45,835 across 287 monthly snapshots
Latest month: 257 (-69.0% MoM · -38.8% YoY)
Peak month: 1,600 (Mar 26)
KEV this month: 0
70 vendors affected
CVEs per month (chart; newest period on the right)
Weakness fingerprint
Top CWE classes in this sector, latest monthly snapshot.
Top vendors
Most CVEs in this sector, latest monthly snapshot.
| Vendor | CVEs | Crit | KEV |
|---|---|---|---|
| spring | 53 | · | · |
| imagemagick | 28 | · | · |
| openssl | 18 | 1 | · |
| opentelemetry | 12 | · | · |
| djangoproject | 7 | · | · |
| erlang | 7 | · | · |
| nimiq | 7 | · | · |
| samsung open source | 7 | · | · |
| eugeny | 6 | · | · |
| remix-run | 6 | · | · |
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| generic-library | 138 | 27 | · | 40 | — | imagemagick (28) · openssl (18) · ebpf instrumentation (10) |
| web-framework | 84 | · | · | 11 | — | spring framework (18) · spring security (7) · react-router (6) |
| go | 10 | · | · | 4 | — | github.com/klever-io/klever-go (4) · crypto/x509 (1) · github.com/dexidp/dex (1) |
| — | 7 | · | · | 2 | — | mint (4) · strawberry (3) |
| pypi | 6 | · | · | 4 | — | kafka-python (2) · pip (2) · vantage6 (2) |
| npm | 6 | · | · | 4 | — | @agenticmail/mcp (1) · @cap-js/openapi (1) · js-cookie (1) |
| crates-io | 2 | · | · | 2 | — | skillctl (1) · tiny-regex-c (1) |
| packagist | 2 | · | · | 1 | — | froxlor/froxlor (1) · wwbn/avideo (1) |
| rubygems | 1 | · | · | 1 | — | spree (1) |
| maven | 1 | · | · | 1 | — | logback (1) |
Sector classification is AI-assisted with human review.