GitHub

We've curated 13 cybersecurity statistics about GitHub to help you understand how vulnerabilities in open-source code and supply chain threats are being addressed in 2025. This insight is crucial for developers and organizations alike!

Malware operators compromised 350 GitHub repositories to inject malicious code into JavaScript and Python projects.

CrowdStrike | 6/15/2026
Supply Chain | Open Source

Across organizations in Europe, GitHub and Microsoft OneDrive are the most abused platforms for malware distribution, each impacting 10% of organizations.

Netskope | 5/31/2026
Malware Distribution | Microsoft OneDrive

24.82% of repositories predate GitHub’s 2023 default token hardening and may retain legacy access settings.

Orca Security | 5/27/2026
Repositories | Access Control

In 2025, 28.65 million new hardcoded secrets were found in new public GitHub commits, a 34% increase from the previous year.

The State of Secrets Sprawl 2026 | 5/27/2026
Hardcoded Secrets

12% of organizations detected employee exposure to malware via GitHub each month in 2025.

Netskope | 1/13/2026
Malware | User Behavior

The total valuation of the companies with verified secret leaks is over $400B.

Wiz | 11/16/2025
AI company | Leaked verified secret

In one specific case (an AI50 company with no disclosure permission), a HuggingFace token found in a deleted fork allowed access to about 1K private models. The leak also included multiple WeightsAndBiases API keys belonging to organizational employees that leaked training data for many private models.

Wiz | 11/16/2025
AI company | Leaked verified secret

Almost half of the disclosures regarding leaked secrets by leading AI companies on GitHub either failed to reach the target or received no response.

Wiz | 11/16/2025
AI company | Leaked verified secret

65% of the 50 leading AI companies analyzed had leaked verified secrets on GitHub.

Wiz | 11/16/2025
AI company | Leaked verified secret

The company with the largest footprint without an exposed secret had 60 public repositories and 28 organization members.

Wiz | 11/16/2025
AI company | Leaked verified secret

The company with the smallest footprint that still had verified leak instances had 0 public repositories and 14 organization members.

Wiz | 11/16/2025
AI company | Leaked verified secret

There are a total of 20,000 MCP server implementations on GitHub.

Astrix Security | 10/15/2025
Model Context Protocol

There are an estimated 20,000 repositories in GitHub implementing open-source Model Context Protocol (MCP) servers.

Astrix Security | 10/15/2025
Model Context Protocol