GitHub CVE statistics
Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.
How to act on this data
- If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
- Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
- Switch the timeframe to spot emerging threats or long-term trends.
| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-24071 Hot | Microsoft Windows File Explorer Spoofing Vulnerability |
v3.1
MEDIUM
Score: 6.5
|
6 | 2025-05-28 15:33 UTC |
| 2 | CVE-2025-4664 Hot | n/a | n/a | 4 | 2025-05-26 15:49 UTC |
| 3 | CVE-2018-8097 Hot | n/a | n/a | 3 | 2025-05-28 15:33 UTC |
| 4 | CVE-2024-42009 | n/a | n/a | 3 | 2025-05-26 04:40 UTC |
| 5 | CVE-2024-32462 | Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing |
v3.1
HIGH
Score: 8.4
|
2 | 2025-05-28 15:33 UTC |
| 6 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware |
v3.1
CRITICAL
Score: 9.1
|
2 | 2025-05-26 09:49 UTC |
| 7 | CVE-2025-4918 | n/a | n/a | 2 | 2025-05-23 15:31 UTC |
| 8 | CVE-2024-42008 | n/a | n/a | 2 | 2025-05-26 04:40 UTC |
| 9 | CVE-2020-11097 | OOB read in ntlm_av_pair_get in FreeRDP |
v3.1
LOW
Score: 3.5
|
2 | 2025-05-26 04:40 UTC |
| 10 | CVE-2025-46801 | n/a | n/a | 2 | 2025-05-23 15:31 UTC |
| 11 | CVE-2024-0204 | Authentication Bypass in GoAnywhere MFT |
v3.1
CRITICAL
Score: 9.8
|
2 | 2025-05-25 21:49 UTC |
| 12 | CVE-2025-46173 | n/a | n/a | 2 | 2025-05-26 09:49 UTC |
| 13 | CVE-2023-40130 | n/a | n/a | 2 | 2025-05-27 09:49 UTC |
| 14 | CVE-2025-22252 | n/a | n/a | 2 | 2025-05-28 15:33 UTC |
| 15 | CVE-2025-22457 | n/a |
v3.1
CRITICAL
Score: 9
|
2 | 2025-05-26 04:40 UTC |
| 16 | CVE-2025-31161 | n/a |
v3.1
CRITICAL
Score: 9.8
|
2 | 2025-05-23 21:31 UTC |
| 17 | CVE-2025-36535 | n/a | n/a | 2 | 2025-05-25 15:49 UTC |
| 18 | CVE-2020-13398 | n/a | n/a | 2 | 2025-05-25 21:49 UTC |
| 19 | CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 7.8
|
2 | 2025-05-26 21:49 UTC |
| 20 | CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | n/a | 2 | 2025-05-25 15:49 UTC |
| 21 | CVE-2025-48708 | n/a |
v3.1
MEDIUM
Score: 4
|
2 | 2025-05-25 15:49 UTC |
| 22 | CVE-2025-4123 | n/a |
v3.1
HIGH
Score: 7.6
|
2 | 2025-05-23 15:31 UTC |
| 23 | CVE-2025-30400 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 7.8
|
1 | 2025-05-23 21:31 UTC |
| 24 | CVE-2025-5287 | n/a | n/a | 1 | 2025-05-28 15:33 UTC |
| 25 | CVE-2025-0868 | Remote Code Execution in DocsGPT |
v4.0
CRITICAL
Score: 9.3
|
1 | 2025-05-25 15:49 UTC |
| 26 | CVE-2025-27363 | n/a |
v3.1
HIGH
Score: 8.1
|
1 | 2025-05-26 09:49 UTC |
| 27 | CVE-2024-12583 | Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection |
v3.1
CRITICAL
Score: 9.9
|
1 | 2025-05-23 15:31 UTC |
| 28 | CVE-2025-2783 | n/a | n/a | 1 | 2025-05-26 15:49 UTC |
| 29 | CVE-2025-32421 | n/a | n/a | 1 | 2025-05-26 15:49 UTC |
| 30 | CVE-2025-5058 | n/a | n/a | 1 | 2025-05-23 21:31 UTC |
| 31 | CVE-2021-44228 | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | n/a | 1 | 2025-05-27 04:47 UTC |
| 32 | CVE-2025-3248 | Langflow Unauth RCE |
v3.1
CRITICAL
Score: 9.8
|
1 | 2025-05-27 04:47 UTC |
| 33 | CVE-2025-2294 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion |
v3.1
CRITICAL
Score: 9.8
|
1 | 2025-05-24 09:31 UTC |
| 34 | CVE-2025-2907 | Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update | n/a | 1 | 2025-05-26 04:40 UTC |
| 35 | CVE-2025-24203 | n/a | n/a | 1 | 2025-05-25 15:49 UTC |
| 36 | CVE-2024-28995 | SolarWinds Serv-U L Directory Transversal Vulnerability |
v3.1
HIGH
Score: 8.6
|
1 | 2025-05-28 15:33 UTC |
| 37 | CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability |
v3.1
HIGH
Score: 7.5
|
1 | 2025-05-26 15:49 UTC |
| 38 | CVE-2024-8682 | JNews - WordPress Newspaper Magazine Blog AMP Theme <= 11.6.6 - Unauthorized User Registration |
v3.1
MEDIUM
Score: 5.3
|
1 | 2025-05-27 09:49 UTC |
| 39 | CVE-2025-47181 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 8.8
|
1 | 2025-05-23 21:31 UTC |
| 40 | CVE-2025-2539 | File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read |
v3.1
HIGH
Score: 7.5
|
1 | 2025-05-28 15:33 UTC |
| 41 | CVE-2024-55591 | n/a |
v3.1
CRITICAL
Score: 9.6
|
1 | 2025-05-26 15:49 UTC |
| 42 | CVE-2025-5196 | Wing FTP Server Lua Admin Console unnecessary privileges |
v4.0
HIGH
Score: 7.5
|
1 | 2025-05-26 15:49 UTC |
| 43 | CVE-2025-2857 | n/a | n/a | 1 | 2025-05-26 15:49 UTC |
| 44 | CVE-2025-25014 | n/a | n/a | 1 | 2025-05-24 15:31 UTC |
| 45 | CVE-2023-20963 | n/a | n/a | 1 | 2025-05-25 15:49 UTC |
| 46 | CVE-2025-4389 | n/a | n/a | 1 | 2025-05-26 21:49 UTC |
| 47 | CVE-1999-0524 | n/a | n/a | 1 | 2025-05-27 15:49 UTC |
| 48 | CVE-2025-4322 | n/a | n/a | 1 | 2025-05-25 21:49 UTC |