For the programs I've used, many of them had version numbers that don't match what's on the website and some of the reviews were from ages ago. One of the benefits I've seen touted regarding Linux is that installing things is simple because it's just a click, but that seems like something easily exploitable.
Where are you installing stuff from? What distro are you using?
Generally speaking, distros typically pull packages from their own repositories. Some distros and some repositories deliberately hold back large updates so they don't introduce breaking changes, and they just backport security fixes.
You can often change these repositories for equivalent ones that are more bleeding edge.
Downloading software packaged by your distro is almost always going to be more secure than running executables you download from the internet.
Packages from repositories are also usually signed so you know the code you're getting is the same code the developer or maintainer has (ostensibly) vetted and hasn't been tampered with en route.
I second what u/ProletarianDictator said about your distro’s official package manager being more secure than even the official website of the thing you’re trying to download. For the most part, those repositories aren’t something that just anyone can upload to; they’re curated by the same people managing the distro, if that’s what you’re concerned about.
