Vulnerabilities in popular open source projects more than doubled in 2019