The field of software security is moving towards a deeper understanding of vulnerability management in software ecosystems. Recent studies have highlighted the prevalence and impact of transitive vulnerabilities in dependencies, which can have a ripple effect throughout the ecosystem. The use of deprecated library versions and the presence of Common Vulnerabilities and Exposures (CVEs) are significant concerns, with many projects still relying on vulnerable versions even after official support has ended. Researchers are employing survival analysis and mining software repositories to examine the lifetime of CVEs, the resolution of transitive vulnerabilities, and the maintenance practices of pre-trained models in open-source software repositories. Noteworthy papers include "The Ripple Effect of Vulnerabilities in Maven Central", which found that approximately 46.8% of releases are affected by transitive vulnerabilities, and "Out of Sight, Still at Risk", which examined the lifecycle of transitive vulnerabilities in the Maven ecosystem. "A Dataset of Software Bill of Materials" was also presented; it provides SBOMs for evaluating SBOM consumption tools.