77% of 433,000 sites use vulnerable JavaScript libraries

The State of Open Source Security report reveals that 77% of websites use vulnerable JavaScript libraries, with jQuery being the most commonly found library to be carrying known security vulnerabilities, affecting 92.5% of its versions in production. The majority of these vulnerable sites carry more than one known vulnerability, and six out of the top ten libraries have versions available that do not carry these vulnerabilities, but are still in use due to lack of updates. The report highlights the need for improved tooling adoption, increased awareness, and better package management workflows to address this issue and make the web more secure.