Open-source software vulnerabilities