Report by Black Duck
“2025 Open Source Security and Risk Analysis” Report
Key Findings
91% of audited applications contained outdated open source software components.
86% of audited applications contained open source vulnerabilities, with 81% containing high- or critical-risk vulnerabilities.
The number of open source files in an average application has tripled over the last four years.
64% of open source components were transitive dependencies.
56% of all audited applications had license conflicts.
97% of all applications evaluated contained open source software.
Nearly 30% of component license conflicts were caused by transitive dependencies.
90% of the applications contained components more than 10 versions behind the most current version.
33% had open source software components with no license or a customized license.