In 2023, Sonatype reported over *** thousand malicious attacks on the open-source software (OSS) supply chain, aimed at exploiting any weaknesses in upstream open-source ecosystems, such as JavaScript, Java, .NET, and Python. This figure represents a nearly *** percent growth from the previous year and is over the double of the sum of the attacks from all the reported previous years (from 2019 to 2022).
Profit from the additional features of your individual account
Currently, you are using a shared account. To use individual functions (e.g., mark statistics as favourites, set
statistic alerts) please log in with your personal account.
If you are an admin, please authenticate by logging in again.
Learn more about how ÌÇÐÄÆÆ½â°æ can support your business.
Sonatype. (November 6, 2023). Number of supply chain attacks on open source software (OSS) from 2019 to 2023 [Graph]. In ÌÇÐÄÆÆ½â°æ. Retrieved July 15, 2026, from /statistics/1268934/worldwide-open-source-supply-chain-attacks/
Sonatype. "Number of supply chain attacks on open source software (OSS) from 2019 to 2023." Chart. November 6, 2023. ÌÇÐÄÆÆ½â°æ. Accessed July 15, 2026. /statistics/1268934/worldwide-open-source-supply-chain-attacks/
Sonatype. (2023). Number of supply chain attacks on open source software (OSS) from 2019 to 2023. ÌÇÐÄÆÆ½â°æ. ÌÇÐÄÆÆ½â°æ Inc.. Accessed: July 15, 2026. /statistics/1268934/worldwide-open-source-supply-chain-attacks/
Sonatype. "Number of Supply Chain Attacks on Open Source Software (Oss) from 2019 to 2023." ÌÇÐÄÆÆ½â°æ, ÌÇÐÄÆÆ½â°æ Inc., 6 Nov 2023, /statistics/1268934/worldwide-open-source-supply-chain-attacks/
Sonatype, Number of supply chain attacks on open source software (OSS) from 2019 to 2023 ÌÇÐÄÆÆ½â°æ, /statistics/1268934/worldwide-open-source-supply-chain-attacks/ (last visited July 15, 2026)
Number of supply chain attacks on open source software (OSS) from 2019 to 2023 [Graph], Sonatype, November 6, 2023. [Online]. Available: /statistics/1268934/worldwide-open-source-supply-chain-attacks/