In 2021, the research team at SonarSource discovered critical vulnerabilities in several popular open-source applications, including WordPress, Zimbra, LocalStack, Rocket.Chat, and SmartStoreNet. These findings were reported to vendors and resulted in over 60 CVEs being issued. The team also discovered vulnerabilities in Composer and GoCD that could have been used to launch supply chain attacks. Additionally, they presented their research at conferences such as Hacktivity Budapest and participated in Capture the Flag contests. The team was nominated for Pwnie Awards in three categories but did not win. They are already working on new vulnerability findings and will present at upcoming conferences.