GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.

| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-44228 (Hot) | n/a | n/a | 4 | 2025-05-03 09:14 UTC |
| 2 | CVE-2025-45250 (Hot) | n/a | n/a | 4 | 2025-05-07 17:01 UTC |
| 3 | CVE-2025-34028 (Hot) | Commvault Command Center Innovation Release Unauthenticated Path Traversal | v3.1 CRITICAL Score: 10 | 4 | 2025-05-06 19:57 UTC |
| 4 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL Score: 9.1 | 3 | 2025-05-08 09:07 UTC |
| 5 | CVE-2024-38475 | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. | n/a | 3 | 2025-05-09 08:55 UTC |
| 6 | CVE-2025-31324 | Missing Authorization check in SAP NetWeaver (Visual Composer development server) | v3.1 CRITICAL Score: 10 | 3 | 2025-05-07 08:01 UTC |
| 7 | CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1 CRITICAL Score: 10 | 3 | 2025-05-03 15:19 UTC |
| 8 | CVE-2025-2011 | n/a | n/a | 2 | 2025-05-07 03:24 UTC |
| 9 | CVE-2021-25646 | Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. | n/a | 2 | 2025-05-08 21:07 UTC |
| 10 | CVE-2025-12654 | n/a | n/a | 2 | 2025-05-03 09:14 UTC |
| 11 | CVE-2016-5195 | n/a | n/a | 2 | 2025-05-03 09:14 UTC |
| 12 | CVE-2021-1931 | n/a | v3.1 MEDIUM Score: 6.7 | 2 | 2025-05-04 15:00 UTC |
| 13 | CVE-2024-27956 | WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability | v3.1 CRITICAL Score: 9.9 | 2 | 2025-05-03 09:14 UTC |
| 14 | CVE-2025-26529 | Stored XSS risk in admin live log | v3.1 HIGH Score: 8.3 | 2 | 2025-05-03 20:49 UTC |
| 15 | CVE-2021-23017 | n/a | n/a | 2 | 2025-05-06 19:57 UTC |
| 16 | CVE-2025-3248 | Langflow Unauth RCE | v3.1 CRITICAL Score: 9.8 | 2 | 2025-05-05 22:12 UTC |
| 17 | CVE-2025-27533 | n/a | n/a | 2 | 2025-05-09 08:55 UTC |
| 18 | CVE-2025-24801 | GLPI allows authenticated remote code execution | v3.1 HIGH Score: 8.6 | 2 | 2025-05-06 07:57 UTC |
| 19 | CVE-2025-31161 | n/a | v3.1 CRITICAL Score: 9.8 | 2 | 2025-05-03 09:14 UTC |
| 20 | CVE-2025-27007 | WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability | v3.1 CRITICAL Score: 9.8 | 2 | 2025-05-07 08:01 UTC |
| 21 | CVE-2023-46818 | n/a | n/a | 2 | 2025-05-03 09:14 UTC |
| 22 | CVE-2023-7231 | n/a | n/a | 2 | 2025-05-08 09:07 UTC |
| 23 | CVE-2024-57376 | n/a | n/a | 2 | 2025-05-08 09:07 UTC |
| 24 | CVE-2025-3969 | codeprojects News Publishing Site Dashboard Edit Category Page edit-category.php unrestricted upload | v4.0 MEDIUM Score: 5.3 | 2 | 2025-05-05 10:12 UTC |
| 25 | CVE-2025-32375 | Insecure Deserialization leads to RCE in BentoML's runner server | v3.1 CRITICAL Score: 9.8 | 2 | 2025-05-03 20:49 UTC |
| 26 | CVE-2025-46731 | Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI | v4.0 HIGH Score: 7.3 | 1 | 2025-05-06 07:57 UTC |
| 27 | CVE-2024-13513 | Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation | v3.1 CRITICAL Score: 9.8 | 1 | 2025-05-09 08:55 UTC |
| 28 | CVE-2025-3605 | n/a | n/a | 1 | 2025-05-09 23:14 UTC |
| 29 | CVE-2022-24894 | Symfony storing cookie headers in HttpCache | v3.1 MEDIUM Score: 5.9 | 1 | 2025-05-08 09:07 UTC |
| 30 | CVE-2025-24252 | n/a | n/a | 1 | 2025-05-06 19:57 UTC |
| 31 | CVE-2024-21546 | n/a | v4.0 CRITICAL Score: 9.3 | 1 | 2025-05-05 10:12 UTC |
| 32 | CVE-2025-28073 | n/a | n/a | 1 | 2025-05-07 17:01 UTC |
| 33 | CVE-2025-3776 | Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution | v3.1 HIGH Score: 8.3 | 1 | 2025-05-05 16:12 UTC |
| 34 | CVE-2024-13800 | Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | v3.1 HIGH Score: 8.1 | 1 | 2025-05-07 17:01 UTC |
| 35 | CVE-2025-31125 | Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | v3.1 MEDIUM Score: 5.3 | 1 | 2025-05-07 08:01 UTC |
| 36 | CVE-2025-24893 | Remote code execution as guest via SolrSearchMacros request in xwiki | v3.1 CRITICAL Score: 9.8 | 1 | 2025-05-05 10:12 UTC |
| 37 | CVE-2025-44039 | n/a | n/a | 1 | 2025-05-03 09:14 UTC |
| 38 | CVE-2020-13151 | n/a | n/a | 1 | 2025-05-03 09:14 UTC |
| 39 | CVE-2021-21424 | Prevent user enumeration using Guard or the new Authenticator-based Security | v3.1 MEDIUM Score: 5.3 | 1 | 2025-05-08 09:07 UTC |
| 40 | CVE-2024-3400 | PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect | v3.1 CRITICAL Score: 10 | 1 | 2025-05-03 09:14 UTC |
| 41 | CVE-2025-29448 | n/a | n/a | 1 | 2025-05-05 22:12 UTC |
| 42 | CVE-2021-41268 | Cookie persistence in Symfony | v3.1 MEDIUM Score: 6.5 | 1 | 2025-05-08 09:07 UTC |
| 43 | CVE-2023-4504 | OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow | n/a | 1 | 2025-05-08 09:07 UTC |
| 44 | CVE-2024-23113 | n/a | v3.1 CRITICAL Score: 9.8 | 1 | 2025-05-03 09:14 UTC |
| 45 | CVE-2025-47549 | n/a | n/a | 1 | 2025-05-08 21:07 UTC |
| 46 | CVE-2025-47240 | n/a | n/a | 1 | 2025-05-03 23:36 UTC |
| 47 | CVE-2025-3604 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover | v3.1 CRITICAL Score: 9.8 | 1 | 2025-05-06 07:57 UTC |
| 48 | CVE-2024-39722 | n/a | n/a | 1 | 2025-05-07 08:01 UTC |
| 49 | CVE-2025-2748 | Kentico Xperience stored cross-site scripting in multiple-file upload functionality | v3.1 MEDIUM Score: 6.5 | 1 | 2025-05-09 23:14 UTC |
| 50 | CVE-2025-24203 | n/a | n/a | 1 | 2025-05-09 08:55 UTC |
| 51 | CVE-2025-31650 | Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame | n/a | 1 | 2025-05-03 09:14 UTC |
| 52 | CVE-2025-47226 | n/a | v3.1 MEDIUM Score: 5 | 1 | 2025-05-03 20:49 UTC |
| 53 | CVE-2025-28074 | n/a | n/a | 1 | 2025-05-07 17:01 UTC |
| 54 | CVE-2025-47550 | n/a | n/a | 1 | 2025-05-08 21:07 UTC |
| 55 | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | v3.1 MEDIUM Score: 6.5 | 1 | 2025-05-03 09:14 UTC |
| 56 | CVE-2024-25600 | WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability | v3.1 CRITICAL Score: 10 | 1 | 2025-05-09 23:14 UTC |
| 57 | CVE-2024-6648 | n/a | n/a | 1 | 2025-05-08 15:07 UTC |
| 58 | CVE-2012-3576 | n/a | n/a | 1 | 2025-05-03 09:14 UTC |
| 59 | CVE-2025-24132 | n/a | n/a | 1 | 2025-05-06 19:57 UTC |
| 60 | CVE-2025-25014 | n/a | n/a | 1 | 2025-05-07 17:01 UTC |
| 61 | CVE-2025-3928 | Commvault Web Server unspecified vulnerability | v4.0 HIGH Score: 8.7 | 1 | 2025-05-03 09:14 UTC |
| 62 | CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-05-04 20:09 UTC |
| 63 | CVE-2024-31317 | n/a | n/a | 1 | 2025-05-03 09:14 UTC |
| 64 | CVE-2025-1974 | ingress-nginx admission controller RCE escalation | v3.1 CRITICAL Score: 9.8 | 1 | 2025-05-07 03:24 UTC |
| 65 | CVE-2024-39719 | n/a | n/a | 1 | 2025-05-08 09:07 UTC |
| 66 | CVE-2025-47423 | n/a | n/a | 1 | 2025-05-07 08:01 UTC |
| 67 | CVE-2025-47256 | n/a | n/a | 1 | 2025-05-05 16:12 UTC |
| 68 | CVE-2025-28062 | n/a | n/a | 1 | 2025-05-05 16:12 UTC |
| 69 | CVE-2021-42392 | n/a | n/a | 1 | 2025-05-08 15:07 UTC |
| 70 | CVE-2025-1304 | NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload | v3.1 HIGH Score: 8.8 | 1 | 2025-05-03 09:14 UTC |
| 71 | CVE-2025-4190 | n/a | n/a | 1 | 2025-05-07 17:01 UTC |
| 72 | CVE-2019-10909 | n/a | n/a | 1 | 2025-05-08 09:07 UTC |
| 73 | CVE-2003-0201 | n/a | n/a | 1 | 2025-05-08 09:07 UTC |
| 74 | CVE-2023-22518 | n/a | v3.0 CRITICAL Score: 10 | 1 | 2025-05-05 10:12 UTC |
| 75 | CVE-2025-46271 | Planet Technology Network Products OS Command Injection | v4.0 CRITICAL Score: 9.3 | 1 | 2025-05-08 09:07 UTC |