GitHub CVE statistics
Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.
How to act on this data
- If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
- Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
- Switch the timeframe to spot emerging threats or long-term trends.
| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-8088 Hot | n/a | n/a | 6 | 2025-09-21 23:29 UTC |
| 2 | CVE-2025-49113 Hot | n/a |
v3.1
CRITICAL
Score: 9.9
|
4 | 2025-09-19 11:29 UTC |
| 3 | CVE-2024-28397 Hot | n/a | n/a | 4 | 2025-09-17 23:29 UTC |
| 4 | CVE-2025-32463 | n/a |
v3.1
CRITICAL
Score: 9.3
|
4 | 2025-09-20 23:29 UTC |
| 5 | CVE-2025-10035 | Deserialization Vulnerability in GoAnywhere MFT's License Servlet |
v3.1
CRITICAL
Score: 10
|
4 | 2025-09-21 11:29 UTC |
| 6 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware |
v3.1
CRITICAL
Score: 9.1
|
3 | 2025-09-21 23:29 UTC |
| 7 | CVE-2025-3248 | Langflow Unauth RCE |
v3.1
CRITICAL
Score: 9.8
|
2 | 2025-09-17 11:29 UTC |
| 8 | CVE-2025-56762 | n/a | n/a | 2 | 2025-09-19 17:29 UTC |
| 9 | CVE-2024-57366 | n/a | n/a | 2 | 2025-09-19 23:29 UTC |
| 10 | CVE-2025-10585 | n/a | n/a | 2 | 2025-09-19 23:29 UTC |
| 11 | CVE-2025-25257 | n/a | n/a | 2 | 2025-09-21 11:29 UTC |
| 12 | CVE-2025-54918 | Windows NTLM Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 8.8
|
2 | 2025-09-17 11:29 UTC |
| 13 | CVE-2014-6287 | n/a | n/a | 2 | 2025-09-16 18:30 UTC |
| 14 | CVE-2025-34152 | n/a | n/a | 2 | 2025-09-21 17:29 UTC |
| 15 | CVE-2019-3396 | n/a | n/a | 2 | 2025-09-16 12:30 UTC |
| 16 | CVE-2018-25031 | n/a | n/a | 2 | 2025-09-20 23:29 UTC |
| 17 | CVE-2025-49144 | Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path |
v3.1
HIGH
Score: 7.3
|
2 | 2025-09-19 17:29 UTC |
| 18 | CVE-2020-0796 | n/a | n/a | 2 | 2025-09-21 23:29 UTC |
| 19 | CVE-2018-7600 | n/a | n/a | 2 | 2025-09-21 23:29 UTC |
| 20 | CVE-2025-59359 | n/a | n/a | 2 | 2025-09-18 05:29 UTC |
| 21 | CVE-2025-24799 | GLPI allows unauthenticated SQL injection through the inventory endpoint |
v3.1
HIGH
Score: 7.5
|
2 | 2025-09-16 18:30 UTC |
| 22 | CVE-2025-57819 | FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE |
v4.0
CRITICAL
Score: 10
|
2 | 2025-09-18 23:29 UTC |
| 23 | CVE-2025-48799 | Windows Update Service Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 7.8
|
2 | 2025-09-19 07:05 UTC |
| 24 | CVE-2024-4157 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues |
v3.1
HIGH
Score: 7.5
|
2 | 2025-09-17 11:29 UTC |
| 25 | CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability |
v3.1
HIGH
Score: 7.5
|
2 | 2025-09-16 06:30 UTC |
| 26 | CVE-2010-1240 | n/a | n/a | 2 | 2025-09-17 11:29 UTC |
| 27 | CVE-2025-55241 | Azure Entra Elevation of Privilege Vulnerability |
v3.1
CRITICAL
Score: 9
|
2 | 2025-09-19 17:29 UTC |
| 28 | CVE-2024-1709 | Authentication bypass using an alternate path or channel |
v3.1
CRITICAL
Score: 10
|
2 | 2025-09-17 11:29 UTC |
| 29 | CVE-2025-27210 | n/a |
v3.0
HIGH
Score: 7.5
|
2 | 2025-09-16 12:30 UTC |
| 30 | CVE-2023-30258 | n/a | n/a | 1 | 2025-09-18 17:29 UTC |
| 31 | CVE-2024-46982 | Cache Poisoning in next.js |
v3.1
HIGH
Score: 7.5
|
1 | 2025-09-21 23:29 UTC |
| 32 | CVE-2021-22600 | Double Free in net/packet/af_packet.c leading to priviledge escalation |
v3.1
MEDIUM
Score: 6.6
|
1 | 2025-09-17 11:29 UTC |
| 33 | CVE-2025-55886 | n/a | n/a | 1 | 2025-09-20 17:29 UTC |
| 34 | CVE-2025-53772 | n/a | n/a | 1 | 2025-09-18 17:29 UTC |
| 35 | CVE-2025-59342 | n/a | n/a | 1 | 2025-09-18 23:29 UTC |
| 36 | CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE |
v3.1
CRITICAL
Score: 10
|
1 | 2025-09-18 17:29 UTC |
| 37 | CVE-2024-45712 | SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability |
v3.1
LOW
Score: 2.6
|
1 | 2025-09-17 11:29 UTC |
| 38 | CVE-2025-29306 | n/a | n/a | 1 | 2025-09-18 05:29 UTC |
| 39 | CVE-2024-1708 | Improper limitation of a pathname to a restricted directory (“path traversal”) |
v3.1
HIGH
Score: 8.4
|
1 | 2025-09-17 11:29 UTC |
| 40 | CVE-2025-55887 | n/a | n/a | 1 | 2025-09-20 17:29 UTC |
| 41 | CVE-2025-54106 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
v3.1
HIGH
Score: 8.8
|
1 | 2025-09-16 18:30 UTC |
| 42 | CVE-2025-57515 | n/a | n/a | 1 | 2025-09-20 11:29 UTC |
| 43 | CVE-2025-49493 | n/a |
v3.1
MEDIUM
Score: 5.8
|
1 | 2025-09-20 05:29 UTC |
| 44 | CVE-2025-9074 | Docker Desktop allows unauthenticated access to Docker Engine API from containers |
v4.0
CRITICAL
Score: 9.3
|
1 | 2025-09-20 05:29 UTC |
| 45 | CVE-2025-55888 | n/a | n/a | 1 | 2025-09-20 23:29 UTC |
| 46 | CVE-2025-20265 | n/a | n/a | 1 | 2025-09-20 11:29 UTC |
| 47 | CVE-2023-1545 | SQL Injection in nilsteampassnet/teampass |
v3.0
HIGH
Score: 7.5
|
1 | 2025-09-22 05:29 UTC |
| 48 | CVE-2025-55885 | n/a | n/a | 1 | 2025-09-20 17:29 UTC |
| 49 | CVE-2024-3094 | Xz: malicious code in distributed source |
v3.1
CRITICAL
Score: 10
|
1 | 2025-09-20 11:29 UTC |
| 50 | CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 7.8
|
1 | 2025-09-17 23:29 UTC |
| 51 | CVE-2025-10533 | n/a | n/a | 1 | 2025-09-16 18:30 UTC |