{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreignslnkpq36lu3rknngftelnza5x3jn5a2sa62qggis7rblpfg4fm",
    "uri": "at://did:plc:2ikdxjcpbsuoe6mv3qawmazg/app.bsky.feed.post/3mhynu64cc332"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifcxhgjohlxfqt7hmnq7kk6mt7u6y6pjt45subjbl6eqn2a25labm"
    },
    "mimeType": "image/png",
    "size": 468527
  },
  "path": "/security/supply-chain-security/a-year-of-open-source-vulnerability-trends-cves-advisories-and-malware/",
  "publishedAt": "2026-03-26T16:00:00.000Z",
  "site": "https://github.blog",
  "tags": [
    "Security",
    "Supply chain security",
    "CVE",
    "CVSS",
    "CWE",
    "Dependabot",
    "EPSS",
    "GitHub Security Lab",
    "malware",
    "vulnerability",
    "A year of open source vulnerability trends: CVEs, advisories, and malware",
    "The GitHub Blog"
  ],
  "textContent": "Reviewed advisories hit a four-year low, malware advisories surged, and publishing by CVE Numbering Authorities (CNAs) grew—here’s what changed and what it means for your triage and response.\n\nThe post A year of open source vulnerability trends: CVEs, advisories, and malware appeared first on The GitHub Blog.",
  "title": "A year of open source vulnerability trends: CVEs, advisories, and malware"
}