The researchers, also trawled through a website where many developers upload and share the code behind their apps and programmes.
The most widely used insecure code blocks turned up in more than 2,800 separate projects on the Github website, they found.
The research team, involving experts at Canadian and Iranian universities, focused on the C++ programming language, which is used in a huge variety of projects, from small programs to large distributed systems.
The team informed those they found using the problematic code chunks on Github that they may have introduced security risks into their apps and programmes.
But only 13% of the developers contacted said they had fixed the code, the researchers said. A similar number declined to fix the bugs.
Some 40% said the code was safe because users could not change it once an app was running.
"The people who are using Stack Overflow, they shouldn't trust it fully," said Prof Ashkan Sami, a computer scientist at Shiraz University in Iran who co-wrote the study.
"It's better for programmers to do it the hard way and learn secure coding," he told The Register tech news site.
Prof Sami said the team had developed an extension for the Chrome browser that checks when code is copied from Stack Overflow and lets coders know if it is poorly written or insecure.