A timeline of recent open source CVE intensity and volume

by mariusvaporware · May 21, 2026 · 2 points · 0 comments

AI Analysis

Ratings: Solid · Dark Horse · Niche Gem

Heatmap of CVE volume over time reveals supply chain vulnerability trends.

Strengths
  • Zero backend architecture with static JSON updated by GitHub Actions.
  • Visualizes vulnerability intensity across ecosystems like npm, PyPI, and crates.io.
  • Tooltips link directly to actionable high/critical CVE records.
Weaknesses
  • Excludes Linux kernel CVEs due to assignment complexity, limiting coverage.
  • Experimental disclaimer undermines reliability for serious security use.
Category
Target Audience

Security researchers, open-source maintainers, DevOps engineers

Similar To

Snyk · Dependabot · OSV.dev

Post Description

I was curious what it would look like if I plotted the intensity and volume of software supply chain CVEs over time, given what seemed like a flood of compromises lately.

It looked exactly as I expected, and I expect it to get worse before it gets better.

Yes, an LLM was used, but because I wanted the simplest possible architecture, I steered away from using any back end at all. Instead it's just GitHub Pages with a static JSON document as the source of data, updated daily by a GitHub Action which stores and parses the OSV repository.

I wanted to include the Linux kernel but the complexities around how CVEs are assigned there made it difficult -- if I find a simple solution in future I'll add it.
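As an added illustration of the pipeline the post describes (not the project's own code), the script below bins OSV-schema advisories into per-ISO-week, per-ecosystem counts with a separate high/critical tally and flattens them into the kind of static JSON a GitHub Pages front end could fetch. The sample advisories are constructed, and reading the severity label from `database_specific.severity` (as GitHub-sourced OSV records carry it) is an assumption; records with an unparsable `published` date are reported rather than crashing the daily job.

```python
from collections import defaultdict
from datetime import datetime, timezone
import json
# Constructed sample advisories in the OSV JSON shape (ids and packages are made up).
SAMPLE_OSV = [
    {"id": "EXAMPLE-0001", "published": "2026-05-04T10:00:00Z",
     "affected": [{"package": {"ecosystem": "npm", "name": "pkg-a"}}],
     "database_specific": {"severity": "CRITICAL"}},
    {"id": "EXAMPLE-0002", "published": "2026-05-06T12:30:00Z",
     "affected": [{"package": {"ecosystem": "npm", "name": "pkg-b"}},
                  {"package": {"ecosystem": "PyPI", "name": "pkg-b"}}],
     "database_specific": {"severity": "MODERATE"}},
    {"id": "EXAMPLE-0003", "published": "2026-05-12T08:00:00Z",
     "affected": [{"package": {"ecosystem": "crates.io", "name": "pkg-c"}}],
     "database_specific": {"severity": "HIGH"}},
    {"id": "EXAMPLE-0004", "published": "not-a-date",  # malformed on purpose: must be skipped
     "affected": [{"package": {"ecosystem": "PyPI", "name": "pkg-d"}}]},
]
HIGH_OR_CRITICAL = {"HIGH", "CRITICAL"}  # labels in database_specific.severity (assumed field)
def week_key(published):
    """RFC 3339 timestamp -> ISO week label like '2026-W19'; None if unparsable."""
    try:
        dt = datetime.fromisoformat(str(published).replace("Z", "+00:00"))
    except ValueError:
        return None
    year, week, _ = dt.astimezone(timezone.utc).isocalendar()
    return f"{year}-W{week:02d}"

def build_heatmap(records):
    """Count advisories per (week, ecosystem); one touching two ecosystems counts once in each."""
    cells = defaultdict(lambda: {"total": 0, "high_critical": 0, "high_critical_ids": []})
    skipped = []  # malformed records are reported, not silently dropped
    for rec in records:
        week = week_key(rec.get("published", ""))
        if week is None:
            skipped.append(rec.get("id", "<no id>"))
            continue
        label = str((rec.get("database_specific") or {}).get("severity", "")).upper()
        for eco in {a["package"]["ecosystem"] for a in rec.get("affected", []) if "package" in a}:
            cell = cells[(week, eco)]
            cell["total"] += 1
            if label in HIGH_OR_CRITICAL:
                cell["high_critical"] += 1
                cell["high_critical_ids"].append(rec["id"])  # what a tooltip would link to
    return dict(cells), skipped

def to_static_json(cells, skipped):
    """Flatten to what a static page fetches: one row per cell plus the skipped ids."""
    rows = [{"week": w, "ecosystem": e, **v} for (w, e), v in sorted(cells.items())]
    return json.dumps({"cells": rows, "skipped": skipped}, indent=2)
```

Run on the sample, the two May 4 and May 6 npm advisories land in the same 2026-W19 cell with one high/critical entry, while the malformed record appears under `skipped` so the daily job can flag it.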
