GitHub has analyzed over 45,000 active directories and found that open source vulnerabilities often go undetected for more than four years.

Source: Open source vulnerabilities go undetected for over four years – Help Net Security

The State of Open Source Security Vulnerabilities

Resources for Searching and Analyzing Online Information

Advanced Sciences and Technologies for Security Applications