Security Findings

ImageMagick is one of the most widely deployed image-processing libraries in the world, embedded in PHP, Python, Ruby, and Node.js stacks across millions of websites including Wikipedia, WordPress, Instagram, and Facebook. With more than 25 years of history and over 11,000 GitHub stars, vulnerabilities in ImageMagick have historically forced industry-wide patching affecting hundreds of millions of users (e.g. the 2016 "ImageTragick" disaster).

Caddy is a modern open-source web server written in Go with more than 60,000 GitHub stars, increasingly positioned as the next-generation alternative to Nginx and Apache. Known for its automatic HTTPS via Let's Encrypt and zero-config defaults, Caddy is used by enterprises and indie developers alike to serve hundreds of thousands of production websites and microservices.

n8n is the leading open-source workflow-automation platform, with more than 90,000 GitHub stars and over 200,000 active workflows running in production at companies such as Cisco, Delivery Hero, and Microsoft. Often positioned as the open-source alternative to Zapier and Make, n8n is used by tens of thousands of teams to integrate APIs, automate business processes, and orchestrate AI agents.

Frappe is a full-stack open-source Python/JavaScript web framework that serves as the foundation for ERPNext - one of the world's most-deployed open-source ERP systems. With more than 6,500 GitHub stars and a thriving community of self-hosting businesses, Frappe is used to run mission-critical enterprise applications across more than 1,000 companies in over 100 countries.

PraisonAI is a fast-growing open-source multi-agent AI framework that lets developers orchestrate teams of LLM agents through low-code and no-code interfaces. It surpassed 5,000 GitHub stars in its first year and is increasingly adopted by AI startups and enterprises building autonomous-agent workflows on top of GPT, Claude, and open-source LLMs.

LangChain is the world's most popular framework for building LLM-powered applications, with more than 90,000 GitHub stars and tens of millions of monthly downloads on PyPI and npm. Used by virtually every major AI startup and Fortune 500 company experimenting with generative AI, LangChain forms the backbone of agent and RAG architectures across the entire industry.

EMQX is the world's most scalable open-source MQTT broker, capable of handling more than 100 million concurrent IoT connections per cluster, and is used by Fortune 500 companies including HPE, Volkswagen, SAIC, Ericsson, and Siemens. Powering critical IoT infrastructure across automotive, manufacturing, energy, and smart-city deployments, EMQX has more than 14,000 GitHub stars and is the de-facto MQTT engine for industrial IoT.

Wekan is the most popular open-source kanban-board platform - widely regarded as the open alternative to Trello - with more than 19,000 GitHub stars. Self-hosted by governments, universities, and privacy-conscious enterprises across Europe and beyond, Wekan ships with Sandstorm, Cloudron, Univention, and Snap Store, with active deployments across tens of thousands of organisations.

ERPNext is the world's largest open-source ERP platform, used by more than 10,000 companies - from manufacturers and hospitals to government agencies - across 100+ countries to run accounting, HR, inventory, manufacturing, and CRM operations. Often referred to as the "open-source SAP", ERPNext competes directly with proprietary suites costing tens of thousands of dollars per seat.

ERPNext is the world's largest open-source ERP platform, used by more than 10,000 companies - from manufacturers and hospitals to government agencies - across 100+ countries to run accounting, HR, inventory, manufacturing, and CRM operations. Often referred to as the "open-source SAP", ERPNext competes directly with proprietary suites costing tens of thousands of dollars per seat.

ERPNext is the world's largest open-source ERP platform, used by more than 10,000 companies - from manufacturers and hospitals to government agencies - across 100+ countries to run accounting, HR, inventory, manufacturing, and CRM operations. Often referred to as the "open-source SAP", ERPNext competes directly with proprietary suites costing tens of thousands of dollars per seat.

Joomla! is one of the world's most popular open-source content management systems, ranking among the top three CMS platforms alongside WordPress and Drupal. It powers an estimated 1.5 million websites globally - including portals operated by government agencies, universities, and Fortune 500 companies - and has been downloaded over 110 million times since 2005, maintained by a global community of thousands of contributors.

Joomla! is one of the world's most popular open-source content management systems, ranking among the top three CMS platforms alongside WordPress and Drupal. It powers an estimated 1.5 million websites globally - including portals operated by government agencies, universities, and Fortune 500 companies - and has been downloaded over 110 million times since 2005, maintained by a global community of thousands of contributors.

Exchange Reporter Plus is an enterprise reporting, auditing, and monitoring tool for Microsoft Exchange Server and Exchange Online, developed by Zoho's ManageEngine division. As part of the ManageEngine portfolio - used by more than 280,000 organisations including 9 of every 10 Fortune 100 companies - it manages mail-flow visibility and compliance reporting for some of the world's largest enterprise mail deployments.

Exchange Reporter Plus is an enterprise reporting, auditing, and monitoring tool for Microsoft Exchange Server and Exchange Online, developed by Zoho's ManageEngine division. As part of the ManageEngine portfolio - used by more than 280,000 organisations including 9 of every 10 Fortune 100 companies - it manages mail-flow visibility and compliance reporting for some of the world's largest enterprise mail deployments.

Exchange Reporter Plus is an enterprise reporting, auditing, and monitoring tool for Microsoft Exchange Server and Exchange Online, developed by Zoho's ManageEngine division. As part of the ManageEngine portfolio - used by more than 280,000 organisations including 9 of every 10 Fortune 100 companies - it manages mail-flow visibility and compliance reporting for some of the world's largest enterprise mail deployments.

Exchange Reporter Plus is an enterprise reporting, auditing, and monitoring tool for Microsoft Exchange Server and Exchange Online, developed by Zoho's ManageEngine division. As part of the ManageEngine portfolio - used by more than 280,000 organisations including 9 of every 10 Fortune 100 companies - it manages mail-flow visibility and compliance reporting for some of the world's largest enterprise mail deployments.

Exchange Reporter Plus is an enterprise reporting, auditing, and monitoring tool for Microsoft Exchange Server and Exchange Online, developed by Zoho's ManageEngine division. As part of the ManageEngine portfolio - used by more than 280,000 organisations including 9 of every 10 Fortune 100 companies - it manages mail-flow visibility and compliance reporting for some of the world's largest enterprise mail deployments.

Exchange Reporter Plus is an enterprise reporting, auditing, and monitoring tool for Microsoft Exchange Server and Exchange Online, developed by Zoho's ManageEngine division. As part of the ManageEngine portfolio - used by more than 280,000 organisations including 9 of every 10 Fortune 100 companies - it manages mail-flow visibility and compliance reporting for some of the world's largest enterprise mail deployments.

Astro is a modern open-source web framework used by NASA, Google, IBM, The Guardian, Trivago, and Firebase to build content-heavy websites. With more than 50,000 GitHub stars and over 2 million weekly npm downloads, it has become the de-facto choice for content-first sites that demand extreme performance through its "zero JS by default" architecture.