Top 5 Open Source Security Vulnerabilities in December

What are the top vulnerabilities that hit our favorite open source projects this December?


While all you hard-working folks have hopefully been taking advantage of the jolly month of December for much-needed Christmas and New Year’s vacations and/or celebrations, our database has continued to aggregate open source projects and vulnerabilities.

Since publishing our Top 10 Vulnerabilities of 2017 list, we’ve received a ton of positive feedback, hearing from our readers that this is a useful resource for keeping up on the most current and pressing vulnerabilities in open source software. Not wanting to disappoint our fans, we’ve decided to make this a monthly thing, and will be bringing you a Top 5 Vulnerabilities list to help make staying on top of open source security just a little bit easier.

This month, some extremely popular and active open source projects were added to the WhiteSource database. Chances are that your developers are using at least a few of them.

Our December Top 5 list is ordered according to how many organizations were affected by the vulnerability and were required to update their project. The list includes only vulnerabilities that were classified as Medium, High, or Critical in the NVD and additional security advisories.

The WhiteSource database continuously monitors and aggregates information from the commonly used National Vulnerability Database (NVD) as well as from a number of publicly available, peer-reviewed open source security advisories, so that we can present you with this list of up-to-date known open source vulnerabilities and their suggested fixes.

So, without further ado, brace yourselves for December’s top 5 vulnerable open source projects.


#1 CPython

Vulnerability score: Critical — 9.8


CPython is an extremely popular open source programming language used to build web applications, as well as having a large variety (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Blog – WhiteSource. Read the original post at: