Most Exploited Open-Source Vulnerabilities: March 2026

Our monthly analysis of the most dangerous open-source vulnerabilities. March 2026 saw new CISA KEV additions across npm and PyPI, rising EPSS scores on Java libraries, and a continued trend of supply chain attacks targeting build tooling.