RiskSense has analyzed 54 open source projects in which nearly 2,700 vulnerabilities were reported between 2015 and March 2020. Overall, the Jenkins automation server and MySQL had the most vulnerabilities reported during this timeframe, with more than 600 flaws each. For each of these pieces of software, 15 vulnerabilities were weaponized (i.e. public exploit code exists).

Some projects, such as Vagrant, Alfresco and Artifactory have only a few vulnerabilities, but high weaponization rates. For example, only 9 flaws have been found in Vagrant and Alfresco, but 6 and 3 of them were weaponized, respectively.