Tag API and open-source vulnerabilities