GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.

| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-46801 (Hot) | n/a | n/a | 8 | 2025-05-23 15:31 UTC |
| 2 | CVE-2025-4918 (Hot) | n/a | n/a | 7 | 2025-05-23 15:31 UTC |
| 3 | CVE-2025-4123 (Hot) | n/a | v3.1 HIGH Score: 7.6 | 4 | 2025-05-23 15:31 UTC |
| 4 | CVE-2025-4322 | n/a | n/a | 3 | 2025-05-22 15:31 UTC |
| 5 | CVE-2024-21762 | n/a | v3.1 CRITICAL Score: 9.6 | 2 | 2025-05-22 21:31 UTC |
| 6 | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | v3.1 MEDIUM Score: 6.5 | 2 | 2025-05-20 00:11 UTC |
| 7 | CVE-2025-4921 | n/a | n/a | 2 | 2025-05-18 02:05 UTC |
| 8 | CVE-2025-29813 | n/a | n/a | 2 | 2025-05-20 00:11 UTC |
| 9 | CVE-2025-4664 | n/a | n/a | 2 | 2025-05-18 08:05 UTC |
| 10 | CVE-2025-12654 | n/a | n/a | 2 | 2025-05-21 21:31 UTC |
| 11 | CVE-2021-38003 | n/a | n/a | 2 | 2025-05-20 00:11 UTC |
| 12 | CVE-2025-31200 | n/a | n/a | 2 | 2025-05-18 02:05 UTC |
| 13 | CVE-2025-44228 | n/a | n/a | 2 | 2025-05-21 21:31 UTC |
| 14 | CVE-2024-4577 | Argument Injection in PHP-CGI | v3.1 CRITICAL Score: 9.8 | 2 | 2025-05-20 00:11 UTC |
| 15 | CVE-2025-46822 | Unauthenticated Arbitrary File Read via Absolute Path | v4.0 HIGH Score: 7.7 | 2 | 2025-05-23 12:24 UTC |
| 16 | CVE-2024-12583 | Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection | v3.1 CRITICAL Score: 9.9 | 2 | 2025-05-23 15:31 UTC |
| 17 | CVE-2025-47646 | n/a | n/a | 2 | 2025-05-20 12:11 UTC |
| 18 | CVE-2025-4611 | Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode | v3.1 MEDIUM Score: 6.4 | 2 | 2025-05-23 12:24 UTC |
| 19 | CVE-2025-47827 | n/a | n/a | 2 | 2025-05-20 12:11 UTC |
| 20 | CVE-2025-24085 | n/a | n/a | 2 | 2025-05-21 00:11 UTC |
| 21 | CVE-2024-9463 | Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure | v4.0 CRITICAL Score: 9.9 | 2 | 2025-05-22 21:31 UTC |
| 22 | CVE-2025-31161 | n/a | v3.1 CRITICAL Score: 9.8 | 2 | 2025-05-23 21:31 UTC |
| 23 | CVE-2025-4427 | Authentication Bypass | v3.1 MEDIUM Score: 5.3 | 2 | 2025-05-17 15:35 UTC |
| 24 | CVE-2024-53677 | Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks | v4.0 CRITICAL Score: 9.5 | 2 | 2025-05-20 09:00 UTC |
| 25 | CVE-2021-41773 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | n/a | 2 | 2025-05-20 00:11 UTC |
| 26 | CVE-2025-2135 | n/a | n/a | 1 | 2025-05-20 00:11 UTC |
| 27 | CVE-2025-40775 | DNS message with invalid TSIG causes an assertion failure | v3.1 HIGH Score: 7.5 | 1 | 2025-05-23 06:54 UTC |
| 28 | CVE-2025-44108 | n/a | n/a | 1 | 2025-05-22 09:31 UTC |
| 29 | CVE-2025-44998 | n/a | n/a | 1 | 2025-05-23 06:54 UTC |
| 30 | CVE-2025-5058 | n/a | n/a | 1 | 2025-05-23 21:31 UTC |
| 31 | CVE-2025-24104 | n/a | n/a | 1 | 2025-05-18 20:05 UTC |
| 32 | CVE-2011-0762 | n/a | n/a | 1 | 2025-05-20 00:11 UTC |
| 33 | CVE-2024-56428 | n/a | n/a | 1 | 2025-05-21 09:31 UTC |
| 34 | CVE-2025-24799 | GLPI allows unauthenticated SQL injection through the inventory endpoint | v3.1 HIGH Score: 7.5 | 1 | 2025-05-22 21:31 UTC |
| 35 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL Score: 9.1 | 1 | 2025-05-23 12:24 UTC |
| 36 | CVE-2022-46169 | Unauthenticated Command Injection | v3.1 CRITICAL Score: 9.8 | 1 | 2025-05-21 15:31 UTC |
| 37 | CVE-2025-37899 | n/a | n/a | 1 | 2025-05-22 15:31 UTC |
| 38 | CVE-2025-2294 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion | v3.1 CRITICAL Score: 9.8 | 1 | 2025-05-24 09:31 UTC |
| 39 | CVE-2024-41713 | n/a | n/a | 1 | 2025-05-18 14:05 UTC |
| 40 | CVE-2024-56429 | n/a | n/a | 1 | 2025-05-21 09:31 UTC |
| 41 | CVE-2023-38840 | n/a | n/a | 1 | 2025-05-21 09:31 UTC |
| 42 | CVE-2013-4786 | n/a | n/a | 1 | 2025-05-23 12:24 UTC |
| 43 | CVE-2025-32756 | n/a | n/a | 1 | 2025-05-18 14:05 UTC |
| 44 | CVE-2025-4919 | n/a | n/a | 1 | 2025-05-20 00:11 UTC |
| 45 | CVE-2024-3661 | DHCP routing options can manipulate interface-based VPN traffic | v3.1 HIGH Score: 7.6 | 1 | 2025-05-23 12:24 UTC |
| 46 | CVE-2024-3094 | Xz: malicious code in distributed source | v3.1 CRITICAL Score: 10 | 1 | 2025-05-20 12:11 UTC |
| 47 | CVE-2024-9474 | PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface | v4.0 MEDIUM Score: 5.9 | 1 | 2025-05-21 09:31 UTC |
| 48 | CVE-2024-0012 | PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) | v4.0 MEDIUM Score: 5.9 | 1 | 2025-05-21 09:31 UTC |
| 49 | CVE-2018-6574 | n/a | n/a | 1 | 2025-05-22 15:31 UTC |
| 50 | CVE-2025-47181 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | v3.1 HIGH Score: 8.8 | 1 | 2025-05-23 21:31 UTC |
| 51 | CVE-2025-40634 | n/a | n/a | 1 | 2025-05-20 18:28 UTC |
| 52 | CVE-2025-30400 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-05-23 21:31 UTC |
| 53 | CVE-2024-44258 | n/a | n/a | 1 | 2025-05-18 02:05 UTC |
| 54 | CVE-2025-47539 | n/a | n/a | 1 | 2025-05-18 02:05 UTC |