GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.
Rank CVE Title Metrics Repo count Last seen
1 CVE-2025-24071 Hot Microsoft Windows File Explorer Spoofing Vulnerability
v3.1 MEDIUM Score: 6.5
6 2025-05-28 15:33 UTC
2 CVE-2025-4664 Hot n/a n/a 4 2025-05-26 15:49 UTC
3 CVE-2018-8097 Hot n/a n/a 3 2025-05-28 15:33 UTC
4 CVE-2024-42009 n/a n/a 3 2025-05-26 04:40 UTC
5 CVE-2024-32462 Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing
v3.1 HIGH Score: 8.4
2 2025-05-28 15:33 UTC
6 CVE-2025-29927 Authorization Bypass in Next.js Middleware
v3.1 CRITICAL Score: 9.1
2 2025-05-26 09:49 UTC
7 CVE-2025-4918 n/a n/a 2 2025-05-23 15:31 UTC
8 CVE-2024-42008 n/a n/a 2 2025-05-26 04:40 UTC
9 CVE-2020-11097 OOB read in ntlm_av_pair_get in FreeRDP
v3.1 LOW Score: 3.5
2 2025-05-26 04:40 UTC
10 CVE-2025-46801 n/a n/a 2 2025-05-23 15:31 UTC
11 CVE-2024-0204 Authentication Bypass in GoAnywhere MFT
v3.1 CRITICAL Score: 9.8
2 2025-05-25 21:49 UTC
12 CVE-2025-46173 n/a n/a 2 2025-05-26 09:49 UTC
13 CVE-2023-40130 n/a n/a 2 2025-05-27 09:49 UTC
14 CVE-2025-22252 n/a n/a 2 2025-05-28 15:33 UTC
15 CVE-2025-22457 n/a
v3.1 CRITICAL Score: 9
2 2025-05-26 04:40 UTC
16 CVE-2025-31161 n/a
v3.1 CRITICAL Score: 9.8
2 2025-05-23 21:31 UTC
17 CVE-2025-36535 n/a n/a 2 2025-05-25 15:49 UTC
18 CVE-2020-13398 n/a n/a 2 2025-05-25 21:49 UTC
19 CVE-2024-38014 Windows Installer Elevation of Privilege Vulnerability
v3.1 HIGH Score: 7.8
2 2025-05-26 21:49 UTC
20 CVE-2025-24813 Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT n/a 2 2025-05-25 15:49 UTC
21 CVE-2025-48708 n/a
v3.1 MEDIUM Score: 4
2 2025-05-25 15:49 UTC
22 CVE-2025-4123 n/a
v3.1 HIGH Score: 7.6
2 2025-05-23 15:31 UTC
23 CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability
v3.1 HIGH Score: 7.8
1 2025-05-23 21:31 UTC
24 CVE-2025-5287 n/a n/a 1 2025-05-28 15:33 UTC
25 CVE-2025-0868 Remote Code Execution in DocsGPT
v4.0 CRITICAL Score: 9.3
1 2025-05-25 15:49 UTC
26 CVE-2025-27363 n/a
v3.1 HIGH Score: 8.1
1 2025-05-26 09:49 UTC
27 CVE-2024-12583 Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection
v3.1 CRITICAL Score: 9.9
1 2025-05-23 15:31 UTC
28 CVE-2025-2783 n/a n/a 1 2025-05-26 15:49 UTC
29 CVE-2025-32421 n/a n/a 1 2025-05-26 15:49 UTC
30 CVE-2025-5058 n/a n/a 1 2025-05-23 21:31 UTC
31 CVE-2021-44228 Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints n/a 1 2025-05-27 04:47 UTC
32 CVE-2025-3248 Langflow Unauth RCE
v3.1 CRITICAL Score: 9.8
1 2025-05-27 04:47 UTC
33 CVE-2025-2294 Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
v3.1 CRITICAL Score: 9.8
1 2025-05-24 09:31 UTC
34 CVE-2025-2907 Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update n/a 1 2025-05-26 04:40 UTC
35 CVE-2025-24203 n/a n/a 1 2025-05-25 15:49 UTC
36 CVE-2024-28995 SolarWinds Serv-U L Directory Transversal Vulnerability
v3.1 HIGH Score: 8.6
1 2025-05-28 15:33 UTC
37 CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability
v3.1 HIGH Score: 7.5
1 2025-05-26 15:49 UTC
38 CVE-2024-8682 JNews - WordPress Newspaper Magazine Blog AMP Theme <= 11.6.6 - Unauthorized User Registration
v3.1 MEDIUM Score: 5.3
1 2025-05-27 09:49 UTC
39 CVE-2025-47181 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
v3.1 HIGH Score: 8.8
1 2025-05-23 21:31 UTC
40 CVE-2025-2539 File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read
v3.1 HIGH Score: 7.5
1 2025-05-28 15:33 UTC
41 CVE-2024-55591 n/a
v3.1 CRITICAL Score: 9.6
1 2025-05-26 15:49 UTC
42 CVE-2025-5196 Wing FTP Server Lua Admin Console unnecessary privileges
v4.0 HIGH Score: 7.5
1 2025-05-26 15:49 UTC
43 CVE-2025-2857 n/a n/a 1 2025-05-26 15:49 UTC
44 CVE-2025-25014 n/a n/a 1 2025-05-24 15:31 UTC
45 CVE-2023-20963 n/a n/a 1 2025-05-25 15:49 UTC
46 CVE-2025-4389 n/a n/a 1 2025-05-26 21:49 UTC
47 CVE-1999-0524 n/a n/a 1 2025-05-27 15:49 UTC
48 CVE-2025-4322 n/a n/a 1 2025-05-25 21:49 UTC