---
id: 20260327-T0-19
title: "GitHub开源漏洞报告降至四年最低，恶意软件激增"
title_en: "GitHub Reports Lowest CVE Advisories in Four Years as Malware Surges"
url: https://ai.daily.yangsir.net/daily/20260327-T0-19
issue_date: 2026-03-27
publish_date: 2026-03-26T16:00:00.000Z
category: news
source_name: "GitHub Blog"
source_url: https://github.blog/security/supply-chain-security/a-year-of-open-source-vulnerability-trends-cves-advisories-and-malware/
---

# GitHub Open-Source Vulnerability Reports Fall to Four-Year Low as Malware Surges

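GitHub's annual open-source vulnerability trends report shows that the number of published security advisories fell to a four-year low in 2024, while the number of malware-related alerts rose sharply. The number of vulnerability reports published by CVE Numbering Authorities (CNAs) grew year over year, which may leave security teams facing greater challenges in vulnerability triage and response. The report recommends that developers prioritize real-time monitoring of high-risk components and strengthen supply chain security reviews.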

## English Version

**GitHub Reports Lowest CVE Advisories in Four Years as Malware Surges**

GitHub's annual open-source vulnerability trends report reveals that public advisories hit a four-year low in 2024, while malware-related warnings surged. Reports from CVE Numbering Authorities (CNAs) increased year over year, potentially overwhelming security teams during vulnerability triage. The report recommends prioritizing real-time monitoring of high-risk components and strengthening supply chain security reviews.

---

**Source**: [GitHub Blog](https://github.blog/security/supply-chain-security/a-year-of-open-source-vulnerability-trends-cves-advisories-and-malware/)

**Details page**: https://ai.daily.yangsir.net/daily/20260327-T0-19
