GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.
Rank CVE Title Metrics Repo count Last seen
1 CVE-2025-3248 Hot Langflow Unauth RCE
v3.1 CRITICAL Score: 9.8
6 2025-06-19 11:58 UTC
2 CVE-2025-33053 Hot Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
v3.1 HIGH Score: 8.8
5 2025-06-18 23:56 UTC
3 CVE-2025-33073 Hot Windows SMB Client Elevation of Privilege Vulnerability
v3.1 HIGH Score: 8.8
5 2025-06-15 11:56 UTC
4 CVE-2025-49113 n/a
v3.1 CRITICAL Score: 9.9
5 2025-06-17 23:56 UTC
5 CVE-2025-0133 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal
v4.0 MEDIUM Score: 6.9
3 2025-06-18 11:56 UTC
6 CVE-2021-29447 WordPress Authenticated XXE attack when installation is running PHP 8
v3.1 HIGH Score: 7.1
2 2025-06-12 21:17 UTC
7 CVE-2019-15107 n/a n/a 2 2025-06-19 11:58 UTC
8 CVE-2024-50379 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation n/a 2 2025-06-14 09:17 UTC
9 CVE-2023-1698 WAGO: WBM Command Injection in multiple products
v3.1 CRITICAL Score: 9.8
2 2025-06-15 17:56 UTC
10 CVE-2025-4123 n/a
v3.1 HIGH Score: 7.6
2 2025-06-17 11:56 UTC
11 CVE-2019-14811 n/a
v3.0 HIGH Score: 7.3
2 2025-06-15 23:56 UTC
12 CVE-2025-44203 n/a n/a 2 2025-06-18 23:56 UTC
13 CVE-2025-49619 n/a
v3.1 HIGH Score: 8.5
2 2025-06-15 11:56 UTC
14 CVE-2023-6401 NotePad++ dbghelp.exe uncontrolled search path
v3.1 MEDIUM Score: 5.3
2 2025-06-18 23:56 UTC
15 CVE-2024-4577 Argument Injection in PHP-CGI
v3.1 CRITICAL Score: 9.8
2 2025-06-15 11:56 UTC
16 CVE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows n/a 2 2025-06-14 15:17 UTC
17 CVE-2021-31956 Windows NTFS Elevation of Privilege Vulnerability
v3.1 HIGH Score: 7.8
2 2025-06-17 23:56 UTC
18 CVE-2025-5964 Path traversal in M-Files API
v4.0 HIGH Score: 8.4
2 2025-06-17 05:56 UTC
19 CVE-2025-5815 Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update
v3.1 MEDIUM Score: 5.3
2 2025-06-13 09:17 UTC
20 CVE-2025-31650 Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame n/a 2 2025-06-13 15:17 UTC
21 CVE-2025-2783 n/a n/a 2 2025-06-17 05:56 UTC
22 CVE-2015-1578 n/a n/a 2 2025-06-19 05:56 UTC
23 CVE-2025-24071 Microsoft Windows File Explorer Spoofing Vulnerability
v3.1 MEDIUM Score: 6.5
2 2025-06-13 09:17 UTC
24 CVE-2025-4009 n/a n/a 2 2025-06-13 21:17 UTC
25 CVE-2016-3088 n/a n/a 2 2025-06-16 11:56 UTC
26 CVE-2025-26198 n/a n/a 1 2025-06-18 23:56 UTC
27 CVE-2025-5287 n/a n/a 1 2025-06-16 23:56 UTC
28 CVE-2021-40724 Adobe Acrobat Reader Android Abritrary Code Execution Vulnerability
v3.1 HIGH Score: 7.8
1 2025-06-15 17:56 UTC
29 CVE-2025-2135 n/a n/a 1 2025-06-17 11:56 UTC
30 CVE-2025-32433 Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
v3.1 CRITICAL Score: 10
1 2025-06-15 17:56 UTC
31 CVE-2010-1872 n/a n/a 1 2025-06-14 21:17 UTC
32 CVE-2025-46181 n/a n/a 1 2025-06-14 09:17 UTC
33 CVE-2014-6271 n/a n/a 1 2025-06-14 15:17 UTC
34 CVE-2025-20125 Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability
v3.1 CRITICAL Score: 9.1
1 2025-06-16 11:56 UTC
35 CVE-2025-20124 Cisco Identity Services Engine Java Deserialization Vulnerability
v3.1 CRITICAL Score: 9.9
1 2025-06-16 11:56 UTC
36 CVE-2025-21420 Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
v3.1 HIGH Score: 7.8
1 2025-06-12 21:17 UTC
37 CVE-2024-54772 n/a n/a 1 2025-06-12 21:17 UTC
38 CVE-2025-24054 NTLM Hash Disclosure Spoofing Vulnerability
v3.1 MEDIUM Score: 6.5
1 2025-06-14 09:17 UTC
39 CVE-2025-43200 n/a n/a 1 2025-06-17 17:56 UTC
40 CVE-2025-26199 n/a n/a 1 2025-06-19 05:56 UTC
41 CVE-2025-32710 Windows Remote Desktop Services Remote Code Execution Vulnerability
v3.1 HIGH Score: 8.1
1 2025-06-18 11:56 UTC
42 CVE-2025-6019 n/a n/a 1 2025-06-19 05:56 UTC
43 CVE-2025-2324565 n/a n/a 1 2025-06-14 09:17 UTC
44 CVE-2025-5288 REST API | Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function
v3.1 CRITICAL Score: 9.8
1 2025-06-12 21:17 UTC
45 CVE-2024-28995 SolarWinds Serv-U L Directory Transversal Vulnerability
v3.1 HIGH Score: 8.6
1 2025-06-15 11:56 UTC
46 CVE-2025-49125 n/a n/a 1 2025-06-16 17:56 UTC
47 CVE-2024-9264 Grafana SQL Expressions allow for remote code execution
v4.0 CRITICAL Score: 9.4
1 2025-06-15 05:56 UTC
48 CVE-2025-46157 n/a n/a 1 2025-06-13 21:17 UTC
49 CVE-2025-46171 n/a n/a 1 2025-06-17 17:56 UTC
50 CVE-2024-0204 Authentication Bypass in GoAnywhere MFT
v3.1 CRITICAL Score: 9.8
1 2025-06-15 11:56 UTC
51 CVE-2025-31161 n/a
v3.1 CRITICAL Score: 9.8
1 2025-06-15 11:56 UTC
52 CVE-2025-48466 n/a n/a 1 2025-06-17 17:56 UTC
53 CVE-2025-6220 Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options'
v3.1 HIGH Score: 7.2
1 2025-06-17 23:56 UTC
54 CVE-2025-5419 n/a n/a 1 2025-06-14 03:17 UTC
55 CVE-2025-24201 n/a n/a 1 2025-06-14 15:17 UTC
56 CVE-2025-1094 PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
v3.1 HIGH Score: 8.1
1 2025-06-18 17:56 UTC
57 CVE-2017-0143 n/a n/a 1 2025-06-17 11:56 UTC
58 CVE-2024-55890 D-Tale allows Remote Code Execution through the Custom Filter Input
v4.0 MEDIUM Score: 6.9
1 2025-06-13 09:17 UTC
59 CVE-2025-29471 n/a n/a 1 2025-06-13 03:17 UTC