An Empirical Study on Vulnerability Prediction of Open-Source Software Releases