GitHub CVE statistics
Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.
How to act on this data
- If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
- Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
- Switch the timeframe to spot emerging threats or long-term trends.
Rank | CVE | Title | Metrics | Repo count | Last seen |
---|---|---|---|---|---|
1 | CVE-2025-24893 Hot | Remote code execution as guest via SolrSearchMacros request in xwiki | v3.1 CRITICAL Score: 9.8 | 11 | 2025-08-09 20:43 UTC |
2 | CVE-2025-54253 Hot | n/a | n/a | 5 | 2025-08-07 08:43 UTC |
3 | CVE-2022-22965 Hot | n/a | n/a | 2 | 2025-08-06 14:43 UTC |
4 | CVE-2025-30406 | n/a | v3.1 CRITICAL Score: 9 | 2 | 2025-08-07 02:43 UTC |
5 | CVE-2025-6384 | n/a | n/a | 2 | 2025-08-08 20:43 UTC |
6 | CVE-2025-4404 | Freeipa: idm: privilege escalation from host to domain admin in freeipa | v3.1 CRITICAL Score: 9.1 | 2 | 2025-08-09 08:43 UTC |
7 | CVE-2025-34152 | n/a | n/a | 2 | 2025-08-07 20:43 UTC |
8 | CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | n/a | 2 | 2025-08-06 08:43 UTC |
9 | CVE-2018-7600 | n/a | n/a | 2 | 2025-08-08 20:43 UTC |
10 | CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability | v3.1 CRITICAL Score: 9.8 | 2 | 2025-08-09 14:43 UTC |
11 | CVE-2021-3544 | n/a | n/a | 2 | 2025-08-06 20:43 UTC |
12 | CVE-2025-31722 | n/a | n/a | 2 | 2025-08-08 20:43 UTC |
13 | CVE-2025-32463 | n/a | v3.1 CRITICAL Score: 9.3 | 2 | 2025-08-09 14:43 UTC |
14 | CVE-2021-30809 | n/a | n/a | 2 | 2025-08-09 20:43 UTC |
15 | CVE-2025-7769 | n/a | n/a | 1 | 2025-08-07 08:43 UTC |
16 | CVE-2022-0000 | n/a | n/a | 1 | 2025-08-09 08:43 UTC |
17 | CVE-2025-53786 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability | v3.1 HIGH Score: 8 | 1 | 2025-08-08 14:43 UTC |
18 | CVE-2025-8730 | Belkin F9K1009/F9K1010 Web Interface hard-coded credentials | v4.0 CRITICAL Score: 9.3 | 1 | 2025-08-09 02:43 UTC |
19 | CVE-2014-6271 | n/a | n/a | 1 | 2025-08-09 14:43 UTC |
20 | CVE-2025-4126 | n/a | n/a | 1 | 2025-08-07 02:43 UTC |
21 | CVE-2025-5777 | NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread | v4.0 CRITICAL Score: 9.3 | 1 | 2025-08-08 02:43 UTC |
22 | CVE-2025-48621 | n/a | n/a | 1 | 2025-08-06 08:43 UTC |
23 | CVE-2017-13156 | n/a | n/a | 1 | 2025-08-06 08:43 UTC |
24 | CVE-2011-2523 | n/a | n/a | 1 | 2025-08-08 02:43 UTC |
25 | CVE-2025-54794 | Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access | v4.0 HIGH Score: 7.7 | 1 | 2025-08-06 08:43 UTC |
26 | CVE-2024-32167 | n/a | n/a | 1 | 2025-08-07 02:43 UTC |
27 | CVE-2020-0796 | n/a | n/a | 1 | 2025-08-06 08:43 UTC |
28 | CVE-2025-53770 | Microsoft SharePoint Server Remote Code Execution Vulnerability | v3.1 CRITICAL Score: 9.8 | 1 | 2025-08-07 20:43 UTC |
29 | CVE-2025-24354 | imgproxy is vulnerable to SSRF against 0.0.0.0 | v3.1 MEDIUM Score: 5.3 | 1 | 2025-08-08 20:43 UTC |
30 | CVE-2024-32019 | ndsudo: local privilege escalation via untrusted search path | v3.1 HIGH Score: 8.8 | 1 | 2025-08-07 02:43 UTC |
31 | CVE-2025-54948 | n/a | n/a | 1 | 2025-08-07 14:43 UTC |
32 | CVE-2024-0000 | n/a | n/a | 1 | 2025-08-09 14:43 UTC |
33 | CVE-2025-54135 | Cursor Agent is vulnerable to prompt injection via MCP Special Files | v3.1 HIGH Score: 8.6 | 1 | 2025-08-07 08:43 UTC |