Open Source Malware and Vulnerabilities Resources
Learn about the danger of open source malware and software vulnerabilities.
Featured whitepaper: Gartner® Report: How to Respond to the Threat Landscape in a Volatile, Complex and Ambiguous World
The difference between vulnerabilities and open source malware
Vulnerability vs. Malware
- Vulnerable Open Source Component: a legitimate open source component where a good actor inadvertently introduced risk.
- Open Source Malware: a malicious component that a bad actor has created for the purpose of introducing risk via the dev/build toolchain.
Latest Malware News
Influential cyber incidents, open source malware, and vulnerabilities

JULY 2024: CrowdStrike. This incident, while neither a vulnerability nor malware, underscored how routine software updates can escalate into widespread digital crises.
MAR 2024: XZ. This vulnerability in the XZ and liblzma compression utilities facilitated a supply chain attack that enabled the infiltration of malware into Linux distributions.
DEC 2023: Struts2. This vulnerability in Apache Struts2 allows unauthorized remote code execution through manipulated file uploads.
AUG 2023: HTTP/2 Rapid Reset. A vulnerability in the HTTP/2 protocol that allowed attackers to launch distributed denial of service (DDoS) attacks, disrupting web services globally.
DEC 2022: PyTorch. Attackers compromised a nightly build of the popular machine learning library PyTorch by inserting a malicious dependency.
DEC 2021: Log4Shell. A critical vulnerability in the widely used Log4j logging library, leading to severe security risks across millions of devices and applications worldwide.
APR 2021: Codecov. Attackers gained access to Codecov's Bash Uploader script, compromising customer environments, tokens, and secrets for an extended period before detection.
DEC 2020: SolarWinds. Attackers inserted malicious code into SolarWinds' Orion software, impacting thousands of organizations, government agencies, and large corporations.
MAY 2020: Octopus Scanner. A malware strain that specifically targeted open source software on GitHub, infecting build processes and spreading through software supply chains.
Whitepapers
- Gartner® Report: How to Respond to the Threat Landscape in a Volatile, Complex and Ambiguous World
- From reactive to proactive: tracing the time and effort saved by blocking malicious components early
Sonatype Repository Firewall prevented a $5.5 million malware threat for a Fortune 200 financial institution
Sonatype Repository Firewall quickly detected over 75 malware attacks that had bypassed a major financial institution’s custom systems
Sonatype Repository Firewall prevented more than 2.8 million malicious downloads
Intercept open source malware
Webinars
The average application contains 23 known open source vulnerabilities.
Interested in understanding if your applications are at risk?