A study of how 31 popular open-source code libraries were downloaded over the past 12 months found that more than a third of the 1,261 versions of these libraries had a known vulnerability and about a quarter of the downloads were tainted. The most downloaded vulnerable libraries were Google Web Toolkit (GWT) and Spring MVC; and Struts 1.x. The types of vulnerabilities found in open source code libraries vary widely. Developers have no way to know that the library versions they are using have known vulnerabilities.”]