A year of open source vulnerability trends: CVEs, advisories, and malware
ID: d42a2e28-5e6e-52a4-8540-2125d78f9634
STIX ID: report--d42a2e28-5e6e-52a4-8540-2125d78f9634
Feed Name: GitHub Security Lab
GitHub’s 2025 Advisory Database review summarizes ecosystem and vulnerability trends: 4,101 reviewed advisories, a 69% year-over-year rise in published malware advisories (7,197), and 2,903 CVEs published (a 35% increase). It covers shifts in the top CWEs (XSS/CWE-79 remaining dominant, with rises in resource exhaustion, unsafe deserialization, SSRF, and reclassifications), improved CWE tagging, and ecosystem coverage notes (Go overrepresented). It also gives guidance on prioritization (CVSS/EPSS), use of CNA services, and enabling Dependabot and malware alerts.
