GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.

| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-48384 Hot | Git allows arbitrary code execution through broken config quoting | v3.1 HIGH Score: 8.1 | 9 | 2025-08-29 15:33 UTC |
| 2 | CVE-2025-8088 Hot | n/a | n/a | 7 | 2025-08-27 21:33 UTC |
| 3 | CVE-2025-57819 Hot | FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE | v4.0 CRITICAL Score: 10 | 4 | 2025-08-29 15:33 UTC |
| 4 | CVE-2025-32463 | n/a | v3.1 CRITICAL Score: 9.3 | 3 | 2025-08-27 21:33 UTC |
| 5 | CVE-2025-7775 | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service | v4.0 CRITICAL Score: 9.2 | 3 | 2025-08-28 09:33 UTC |
| 6 | CVE-2025-34040 | Zhiyuan OA System Path Traversal File Upload | v4.0 CRITICAL Score: 10 | 2 | 2025-08-29 09:33 UTC |
| 7 | CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1 CRITICAL Score: 10 | 2 | 2025-08-28 15:33 UTC |
| 8 | CVE-2025-31200 | n/a | n/a | 2 | 2025-08-28 15:33 UTC |
| 9 | CVE-2025-55579 | n/a | n/a | 2 | 2025-08-29 15:33 UTC |
| 10 | CVE-2018-19323 | n/a | n/a | 2 | 2025-08-27 15:32 UTC |
| 11 | CVE-2023-45539 | n/a | n/a | 2 | 2025-08-27 09:33 UTC |
| 12 | CVE-2025-55763 | n/a | n/a | 2 | 2025-08-29 15:33 UTC |
| 13 | CVE-2025-5419 | n/a | n/a | 2 | 2025-08-29 03:33 UTC |
| 14 | CVE-2025-52100 | n/a | n/a | 2 | 2025-08-29 09:33 UTC |
| 15 | CVE-2025-49113 | n/a | v3.1 CRITICAL Score: 9.9 | 2 | 2025-08-29 21:33 UTC |
| 16 | CVE-2025-55580 | n/a | n/a | 2 | 2025-08-29 15:33 UTC |
| 17 | CVE-2025-55188 | n/a | n/a | 2 | 2025-08-29 09:33 UTC |
| 18 | CVE-2007-2447 | n/a | n/a | 2 | 2025-08-27 15:32 UTC |
| 19 | CVE-2025-54309 | n/a | v3.1 CRITICAL Score: 9 | 2 | 2025-08-29 03:33 UTC |
| 20 | CVE-2025-0309 | n/a | n/a | 1 | 2025-08-29 15:33 UTC |
| 21 | CVE-2024-5083 | Nexus Repository 2 - Stored XSS | v4.0 MEDIUM Score: 5.1 | 1 | 2025-08-27 15:32 UTC |
| 22 | CVE-2025-34159 | n/a | n/a | 1 | 2025-08-27 21:33 UTC |
| 23 | CVE-2022-20421 | n/a | n/a | 1 | 2025-08-29 03:33 UTC |
| 24 | CVE-2025-24893 | Remote code execution as guest via SolrSearchMacros request in xwiki | v3.1 CRITICAL Score: 9.8 | 1 | 2025-08-26 21:32 UTC |
| 25 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL Score: 9.1 | 1 | 2025-08-28 09:33 UTC |
| 26 | CVE-2025-7955 | RingCentral Communications 1.5 - 1.6.8 - Missing Server‑Side Verification to Authentication Bypass via ringcentral_admin_login_2fa_verify Function | v3.1 CRITICAL Score: 9.8 | 1 | 2025-08-28 15:33 UTC |
| 27 | CVE-2025-46724 | n/a | n/a | 1 | 2025-08-27 09:33 UTC |
| 28 | CVE-2024-12877 | GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection | v3.1 CRITICAL Score: 9.8 | 1 | 2025-08-28 21:32 UTC |
| 29 | CVE-2025-38676 | n/a | n/a | 1 | 2025-08-27 03:33 UTC |
| 30 | CVE-2024-28397 | n/a | n/a | 1 | 2025-08-28 09:33 UTC |
| 31 | CVE-2025-34161 | Coolify Git Repository Field Command Injection in Project Deployment Workflow | v4.0 CRITICAL Score: 9.4 | 1 | 2025-08-27 21:33 UTC |
| 32 | CVE-2025-47987 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-08-28 21:32 UTC |
| 33 | CVE-2025-6934 | Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' | v3.1 CRITICAL Score: 9.8 | 1 | 2025-08-27 15:32 UTC |