GitHub
We've curated 13 cybersecurity statistics about GitHub to help you understand how vulnerabilities in open-source code and supply chain threats are being addressed in 2025. This insight is crucial for developers and organizations alike!
Malware operators compromised 350 GitHub repositories to inject malicious code into JavaScript and Python projects.
Across organizations in Europe, GitHub and Microsoft OneDrive are the most abused platforms for malware distribution, each impacting 10% of organizations.
24.82% of repositories predate GitHub’s 2023 default token hardening and may retain legacy access settings.
In 2025, 28.65 million new hardcoded secrets were found in new public GitHub commits, a 34% increase from the previous year.
12% of organizations detected employee exposure to malware via GitHub each month in 2025.
The total valuation of the companies with verified secret leaks is over $400B.
In one specific case (an AI50 company with no disclosure permission), a HuggingFace token found in a deleted fork allowed access to about 1K private models. The leak also included multiple WeightsAndBiases API keys belonging to organizational employees that exposed training data for many private models.
Almost half of the disclosures regarding leaked secrets by leading AI companies on GitHub either failed to reach the target or received no response.
65% of the 50 leading AI companies analyzed had leaked verified secrets on GitHub.
The company with the largest footprint without an exposed secret had 60 public repositories and 28 organization members.
The company with the smallest footprint that still had verified leak instances had 0 public repositories and 14 organization members.
There are a total of 20,000 MCP server implementations on GitHub.
There are an estimated 20,000 repositories in GitHub implementing open-source Model Context Protocol (MCP) servers.