What is the official website of OpenJS Foundation ?

The official website of OpenJS Foundation is https://github.com/openjs-foundation.

What is OpenJS Foundation's cybersecurity risk score?

OpenJS Foundation has an AI-generated cybersecurity risk score of 719 out of 1000, indicating a Moderate security posture according to Rankiteo's assessment.

How many security incidents has OpenJS Foundation experienced?

According to Rankiteo, OpenJS Foundation currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has OpenJS Foundation been affected by any supply chain cyber incidents ?

According to Rankiteo, OpenJS Foundation has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are: Axios (Incident ID: NODOPEAXI1775479086) OpenJS Foundation (Incident ID: ANYOPEWIN1774686278)

Does OpenJS Foundation have SOC 2 Type 1 certification ?

According to Rankiteo, OpenJS Foundation is not certified under SOC 2 Type 1.

Does OpenJS Foundation have SOC 2 Type 2 certification ?

According to Rankiteo, OpenJS Foundation does not hold a SOC 2 Type 2 certification.

Does OpenJS Foundation comply with GDPR ?

According to Rankiteo, OpenJS Foundation is not listed as GDPR compliant.

Does OpenJS Foundation have PCI DSS certification ?

According to Rankiteo, OpenJS Foundation does not currently maintain PCI DSS compliance.

Does OpenJS Foundation comply with HIPAA ?

According to Rankiteo, OpenJS Foundation is not compliant with HIPAA regulations.

Does OpenJS Foundation have ISO 27001 certification ?

According to Rankiteo,OpenJS Foundation is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does OpenJS Foundation operate in ?

OpenJS Foundation operates primarily in the IT Services and IT Consulting industry.

How many employees does OpenJS Foundation have ?

OpenJS Foundation employs approximately 30 people worldwide.

Does OpenJS Foundation own any subsidiaries ?

OpenJS Foundation presently has no subsidiaries across any sectors.

How many LinkedIn followers does OpenJS Foundation have ?

OpenJS Foundation's official LinkedIn profile has approximately 9,451 followers.

What is the NAICS classification code for OpenJS Foundation ?

OpenJS Foundation is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.

Does OpenJS Foundation have a Crunchbase profile ?

No, OpenJS Foundation does not have a profile on Crunchbase.

Does OpenJS Foundation have a LinkedIn profile ?

Yes, OpenJS Foundation maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/openjs-foundation.

How many cybersecurity incidents has OpenJS Foundation experienced ?

As of June 15, 2026, Rankiteo reports that OpenJS Foundation has experienced 4 cybersecurity incidents.

How many peer or competitor companies does OpenJS Foundation have ?

OpenJS Foundation has an estimated 40,687 peer or competitor companies worldwide.

What types of cybersecurity incidents has OpenJS Foundation faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

OpenJS Foundation

Boost Score +25 with badge (5 left)

719

/1000

Moderate

744

/1000

Moderate

OpenJS Foundation Vendor Cyber Rating & Cyber Score

github.com

Add Your Compliance Badge

The mission of the OpenJS Foundation is to support the healthy growth of JavaScript and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities that benefit the ecosystem as a whole. The OpenJS Foundation is made up of 32 open source JavaScript projects including Appium, Dojo, jQuery, Node.js, and webpack.

OpenJS Foundation A.I CyberSecurity Scoring

Scoring History

OpenJS Foundation

OpenJS Foundation CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

OpenJS Foundation

Cyber Attack

100

3/2026

Axios

NODOPEAXI177547...

OpenJS Foundation

Vulnerability

2/2026

OpenJS Foundati...

ANYOPEWIN177468...

OpenJS Foundation

Vulnerability

11/2025

OPE1764251888.2...

OpenJS Foundation

Vulnerability

100

5/2025

OPE408364011262...

Loading…

A.I.

OpenJS Foundation Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for OpenJS Foundation

Incidents vs IT Services and IT Consulting Industry Avg (This Year)

OpenJS Foundation has 30.72% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

OpenJS Foundation has 86.92% more incidents than the average of all companies with at least one recorded incident.

Incident Types OpenJS Foundation vs IT Services and IT Consulting Industry Avg (This Year)

OpenJS Foundation reported 2 incidents this year: 1 cyber attacks, 0 ransomware, 1 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History - OpenJS Foundation (X = Date, Y = Severity)

Loading…

SUBSIDIARY

OpenJS Foundation Subsidiaries

Parent Company

OpenJS Foundation

IT Services and IT Consulting

Website: https://github.com/openjs-foundation

Company Size: 2-10 employees

No subsidiary data available for this company.

Loading…

OpenJS Foundation Similar Companies

Zebra Technologies

zebra.com

Zebra provides the foundation for intelligent operations with an award-winning portfolio of connected frontline, asset visibility and automation solutions. Organizations globally across retail, manufacturing, transportation, logistics, healthcare, and other industries rely on us to deliver outcomes today while driving innovation for what’s next. Together with our partners, we create new ways of working that improve productivity and empower organizations to be better every day. Learn more at www.zebra.com.

IGT Solutions

igtsolutions.com

IGT Solutions is a next-gen customer experience (CX) company, defining and delivering AI-led transformative experiences for the global and most innovative brands using digital technologies. With the combination of Digital and Human Intelligence, IGT becomes the preferred partner for managing end-to-end CX journeys across Travel and High Growth Tech industries. Established in 1998, with a 100% focus on customer experience, IGT employs more than 25,000 customer experience and technology specialists providing services to 85 marquee customers globally. IGT’s global footprint consists of 31 delivery centers in China, Colombia, Egypt, India, Indonesia, Malaysia, Philippines, Romania, South Africa, Spain, UAE, the US, and Vietnam. IGT is ISO 27001:2013, CMMI SVC Level 5 and ISAE-3402 compliant for IT, and COPC® Certified v6.0, ISO 27001:2013 and PCI DSS 3.2 certified for BPO processes. The organization follows Six Sigma rigor for process improvements.

Capgemini

capgemini.com

Capgemini is an AI-powered global business and technology transformation partner, delivering tangible business value. We imagine the future of organizations and make it real with AI, technology and people. With our strong heritage of nearly 60 years, we are a responsible and diverse group of 420,000 team members in more than 50 countries. We deliver end-to-end services and solutions with our deep industry expertise and strong partner ecosystem, leveraging our capabilities across strategy, technology, design, engineering and business operations. The Group reported 2024 global revenues of €22.1 billion. Make it real | www.capgemini.com

Akkodis

akkodis.com

Akkodis is a global digital engineering company and Smart Industry leader. We enable clients to advance in their digital transformation with Talent, Academy, Consulting, and Solutions services. Our 50,000 experts combine best-in-class technologies, R&D, and deep sector know-how for purposeful innovation. We are passionate about Engineering a Smarter Future Together. With a shared passion for technology and talent, 50,000 engineers and digital experts deliver deep cross-sector expertise in 30 countries across North America, EMEA and APAC. Akkodis offers broad industry experience, and strong know-how in key technology sectors such as mobility, software & technology services, robotics, testing, simulations, data security, AI & data analytics. The combined IT and engineering expertise brings a unique end-to-end solution offering, with four service lines – Consulting, Solutions, Talents and Academy – to support clients in rethinking their product development and business processes, improve productivity, minimize time to market and shape a smarter and more sustainable tomorrow. Akkodis is part of the Adecco Group. The Adecco Group is a leader in delivering expertise in talent and technology, enabling organizations to succeed and people to thrive. www.akkodis.com

Engineering Group

eng.it

Engineering Group is the Digital Transformation Company, leader in Italy and expanding its global footprint, with around 14,000 associates and with over 80 offices spread across Europe, the United States, and South America and global delivery. The Engineering Group, consisting of over 70 companies in 21 countries, has been supporting the continuous evolution of companies and organizations for more than 40 years, thanks to a deep understanding of business processes in all market segments, fully leveraging the opportunities offered by advanced digital technologies and proprietary solutions. It integrates best-of-breed market solutions, managed services, and continues to expand its expertise through M&As and partnerships with leading technology players. The Group strongly invests both in innovation, through its R&I division, and in human capital, with the internal IT & Management Academy. Engineering is a key player in the creation of digital ecosystems that bridge the gap between different markets, while developing composable solutions that ultimately foster a continuous Business transformation. In 2026, Engineering achieved, for the second consecutive year, the Top Employers Italy certification, reaffirming the significant growth process for the company, which is constantly committed to enhancing HR policies to create a work environment centered on the well-being of people.

Iron Mountain

cb ironmountain.com

In the era of AI, your data is your advantage. Yet too often it remains untapped: disconnected from systems, underutilized, untrained, and exposed to risk. Iron Mountain is the trusted partner for organizations of all sizes to unlock what’s possible, transforming information into intelligence and assets into advantage. How? By seamlessly managing digital and physical assets of all kinds across their lifecycle—making them visible, secure, accessible, and AI-ready. From payments to pathology, mortgages to media, fine art to IT, we’ve helped more than 240,000 customers around the world, including 95% of the Fortune 1000, unlock more value from what’s already within reach. All with unparalleled security, governance, and sustainability at every step. What can we unlock together?

Ricoh USA, Inc.

ricoh-usa.com

At Ricoh, we bring people, processes, and technology together to make information work for you. We unlock the power of information so organizations can unlock the full potential of their people. We're a leader in information management and digital services, creating competitive advantage for over 1.4 million businesses across the globe. Our team members serve a vast array of industries, using an innovative mix of people, processes, and technology to free trapped and hidden insights. We believe having access to the right information translates to better business agility, more human experiences, and the ability to thrive in today's age of hybrid and borderless work.

Ingram Micro

ingrammicro.com

Ingram Micro is a leading technology company for the global information technology ecosystem. With the ability to reach nearly 90% of the global population, we play a vital role in the worldwide IT sales channel, bringing products and services from technology manufacturers and cloud providers to a highly diversified base of business-to-business technology experts. Through Ingram Micro Xvantage™, our AI-powered digital platform, we offer what we believe to be the industry’s first comprehensive business-to-consumer-like experience, integrating hardware and cloud subscriptions, personalized recommendations, instant pricing, order tracking, and billing automation. We also provide a broad range of technology services, including financing, specialized marketing, and lifecycle management, as well as technical pre- and post-sales professional support. Learn more at www.ingrammicro.com.

Mastercard

mastercard.com

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Loading…

NEWS

OpenJS Foundation CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 03, 2026 03:28 PM

Q&A: How Can Trust be Built in Open Source Security?

Christopher “Crob” Robinson, Chief Technology Officer and Chief Security Architect at the Open Source Security Foundation (OpenSSF),...

Read Article

January 23, 2026 08:00 AM

Node.js Updated HackerOne Program to Require a Signal of 1.0 or Higher to Submit Vulnerability Reports

Node.js now requires a minimum Signal score of 1.0 for HackerOne reports to improve quality and review efficiency.

Read Article

January 23, 2026 08:00 AM

Node.js Sets New Standard for HackerOne Reports, Demands Signal of 1.0 or Higher

Node.js requiring researchers to maintain a minimum Signal reputation score of 1.0 before submitting vulnerability reports.

Read Article

May 20, 2024 07:00 AM

Open source threat intel platform launched weeks after malicious backdoor targeted XZ Utils

OSSF developed warning system to protect open source maintainers, developers from social engineering, active exploits.

Read Article

April 17, 2024 07:00 AM

Open Source Groups Say More Software Projects May Have Been Targeted for Sabotage

The recent attempt by an unknown actor to sabotage a widely used software program may have been one of several attempts to subvert key...

Read Article

April 16, 2024 07:00 AM

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

Security researchers uncover a "credible" takeover attempt on the OpenJS Foundation, mirroring a recent incident with XZ Utils.

Read Article

April 16, 2024 07:00 AM

Hackers tried to breach, disable widely used open-source Java tools, groups warn

The alert comes just after a possible nation state entity attempted to hijack an open-source Linux tool last month.

Read Article

April 16, 2024 07:00 AM

Open Source Groups Warn Of Ongoing Attacks

Open source groups warn of sophisticated social engineering attacks targeting JavaScript and other critical projects All IT news on...

Read Article

April 15, 2024 07:00 AM

Open source groups say more software projects may have been targeted for sabotage

The recent attempt by an unknown actor to sabotage a widely used software program may have been one of several attempts to subvert key...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12191

SUMMARY

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation results in deserialization. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-14

Updated

Date2026-06-14

RISK INFORMATION (Score: 7.8)

cvss2

Base Score: 6.8

Complexity: LOW

AV:L/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.1

Complexity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-12190

SUMMARY

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-14

Updated

Date2026-06-14

RISK INFORMATION (Score: 5.3)

cvss2

Base Score: 4.3

Complexity: LOW

AV:L/AC:L/Au:S/C:P/I:P/A:P

cvss3

Base Score: 5.3

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 4.8

Complexity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.8

REFERENCES

CVE-2026-12189

SUMMARY

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-14

Updated

Date2026-06-14

RISK INFORMATION (Score: 5.3)

cvss2

Base Score: 4.3

Complexity: LOW

AV:L/AC:L/Au:S/C:P/I:P/A:P

cvss3

Base Score: 5.3

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 1.9

Complexity: LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.8

REFERENCES

CVE-2026-12188

SUMMARY

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date2026-06-14

Updated

Date2026-06-14

RISK INFORMATION (Score: 6.3)

cvss2

Base Score: 6.5

Complexity: LOW

AV:N/AC:L/Au:S/C:P/I:P/A:P

cvss3

Base Score: 6.3

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.1

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

2.8

REFERENCES

CVE-2026-12187

SUMMARY

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 4.7 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Published

Date2026-06-14

Updated

Date2026-06-14

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…