The GitHub Secure Open Source Fund helped 67 critical AI‑stack projects accelerate fixes, strengthen ecosystems, and advance open source resilience.

The GitHub Blog provides updates, announcements, and insights from the world's leading software development platform, covering topics such as new features, community highlights, and industry trends. Developers can learn about GitHub's latest developments, best practices for collaboration, and tips for maximizing productivity on the platform.

GitHub Blog

GitHub's Secure Open Source Fund completed its third session, providing $670K to 67 critical open source projects including Python, Node.js, curl, and pandas. Across all three sessions, 138 projects received $1.38M in funding, resulting in 191 new CVEs issued, 500+ CodeQL alerts fixed, and 600+ leaked secrets resolved. The program helps maintainers shift from reactive patching to proactive security work through direct funding, hands-on training, and expert support. Projects span core languages, networking libraries, build systems, data science tools, and security frameworks that collectively power billions of monthly downloads.

Securing the AI software supply chain: Security results across 67 open source projects

Why securing critical open source projects matters

How the GitHub Secure Open Source Fund works

Where security work happened in Session 3

Web, networking, and core infrastructure libraries

Build systems, CI/CD, and release tooling

Data science, scientific computing, and AI foundations

Developer tools and productivity utilities

Identity, secrets, and security frameworks

What’s next: Help us make open source more secure