An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...