Open-source software projects continue to struggle with handling sensitive information, according to automated scans of hundreds of millions of commits to code repositories.

Software-security toolmaker DeepCode found that four of the seven vulnerabilities classes with the greatest impact on the security of software projects had to do with failures to protect data. The categories of Missing Input Data Sanitization and Insecure Password Handling laid claim to the top-two slots on the company’s list of important vulnerability classes. Two other data security issues — Weak Cryptography and Lack of Information Hiding — came in No. 6 and No. 7 on the list, which was published this week.