Analysis of more than 130,000 applications found fewer applications with vulnerabilities but more with at least one high-severity flaw. Python and JavaScript had the fewest flaws, with cryptographic issues affecting most Python applications at 35%, and cross-site scripting affecting the most JavaScript applications at 32%. PHP programs had significant levels of vulnerabilities, with PHP having significant vulnerabilities. PHP has significant vulnerabilities due to indirect importing of third-party code, while JavaScript applications import a significant number of dependencies, raising its attack surface.”]