GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.

| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-8088 Hot | n/a | n/a | 6 | 2025-09-21 23:29 UTC |
| 2 | CVE-2025-49113 Hot | n/a | v3.1 CRITICAL Score: 9.9 | 4 | 2025-09-19 11:29 UTC |
| 3 | CVE-2024-28397 Hot | n/a | n/a | 4 | 2025-09-17 23:29 UTC |
| 4 | CVE-2025-32463 | n/a | v3.1 CRITICAL Score: 9.3 | 4 | 2025-09-20 23:29 UTC |
| 5 | CVE-2025-10035 | Deserialization Vulnerability in GoAnywhere MFT's License Servlet | v3.1 CRITICAL Score: 10 | 4 | 2025-09-21 11:29 UTC |
| 6 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL Score: 9.1 | 3 | 2025-09-21 23:29 UTC |
| 7 | CVE-2025-3248 | Langflow Unauth RCE | v3.1 CRITICAL Score: 9.8 | 2 | 2025-09-17 11:29 UTC |
| 8 | CVE-2025-56762 | n/a | n/a | 2 | 2025-09-19 17:29 UTC |
| 9 | CVE-2024-57366 | n/a | n/a | 2 | 2025-09-19 23:29 UTC |
| 10 | CVE-2025-10585 | n/a | n/a | 2 | 2025-09-19 23:29 UTC |
| 11 | CVE-2025-25257 | n/a | n/a | 2 | 2025-09-21 11:29 UTC |
| 12 | CVE-2025-54918 | Windows NTLM Elevation of Privilege Vulnerability | v3.1 HIGH Score: 8.8 | 2 | 2025-09-17 11:29 UTC |
| 13 | CVE-2014-6287 | n/a | n/a | 2 | 2025-09-16 18:30 UTC |
| 14 | CVE-2025-34152 | n/a | n/a | 2 | 2025-09-21 17:29 UTC |
| 15 | CVE-2019-3396 | n/a | n/a | 2 | 2025-09-16 12:30 UTC |
| 16 | CVE-2018-25031 | n/a | n/a | 2 | 2025-09-20 23:29 UTC |
| 17 | CVE-2025-49144 | Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path | v3.1 HIGH Score: 7.3 | 2 | 2025-09-19 17:29 UTC |
| 18 | CVE-2020-0796 | n/a | n/a | 2 | 2025-09-21 23:29 UTC |
| 19 | CVE-2018-7600 | n/a | n/a | 2 | 2025-09-21 23:29 UTC |
| 20 | CVE-2025-59359 | n/a | n/a | 2 | 2025-09-18 05:29 UTC |
| 21 | CVE-2025-24799 | GLPI allows unauthenticated SQL injection through the inventory endpoint | v3.1 HIGH Score: 7.5 | 2 | 2025-09-16 18:30 UTC |
| 22 | CVE-2025-57819 | FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE | v4.0 CRITICAL Score: 10 | 2 | 2025-09-18 23:29 UTC |
| 23 | CVE-2025-48799 | Windows Update Service Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 2 | 2025-09-19 07:05 UTC |
| 24 | CVE-2024-4157 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues | v3.1 HIGH Score: 7.5 | 2 | 2025-09-17 11:29 UTC |
| 25 | CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability | v3.1 HIGH Score: 7.5 | 2 | 2025-09-16 06:30 UTC |
| 26 | CVE-2010-1240 | n/a | n/a | 2 | 2025-09-17 11:29 UTC |
| 27 | CVE-2025-55241 | Azure Entra Elevation of Privilege Vulnerability | v3.1 CRITICAL Score: 9 | 2 | 2025-09-19 17:29 UTC |
| 28 | CVE-2024-1709 | Authentication bypass using an alternate path or channel | v3.1 CRITICAL Score: 10 | 2 | 2025-09-17 11:29 UTC |
| 29 | CVE-2025-27210 | n/a | v3.0 HIGH Score: 7.5 | 2 | 2025-09-16 12:30 UTC |
| 30 | CVE-2023-30258 | n/a | n/a | 1 | 2025-09-18 17:29 UTC |
| 31 | CVE-2024-46982 | Cache Poisoning in next.js | v3.1 HIGH Score: 7.5 | 1 | 2025-09-21 23:29 UTC |
| 32 | CVE-2021-22600 | Double Free in net/packet/af_packet.c leading to priviledge escalation | v3.1 MEDIUM Score: 6.6 | 1 | 2025-09-17 11:29 UTC |
| 33 | CVE-2025-55886 | n/a | n/a | 1 | 2025-09-20 17:29 UTC |
| 34 | CVE-2025-53772 | n/a | n/a | 1 | 2025-09-18 17:29 UTC |
| 35 | CVE-2025-59342 | n/a | n/a | 1 | 2025-09-18 23:29 UTC |
| 36 | CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1 CRITICAL Score: 10 | 1 | 2025-09-18 17:29 UTC |
| 37 | CVE-2024-45712 | SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability | v3.1 LOW Score: 2.6 | 1 | 2025-09-17 11:29 UTC |
| 38 | CVE-2025-29306 | n/a | n/a | 1 | 2025-09-18 05:29 UTC |
| 39 | CVE-2024-1708 | Improper limitation of a pathname to a restricted directory (“path traversal”) | v3.1 HIGH Score: 8.4 | 1 | 2025-09-17 11:29 UTC |
| 40 | CVE-2025-55887 | n/a | n/a | 1 | 2025-09-20 17:29 UTC |
| 41 | CVE-2025-54106 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | v3.1 HIGH Score: 8.8 | 1 | 2025-09-16 18:30 UTC |
| 42 | CVE-2025-57515 | n/a | n/a | 1 | 2025-09-20 11:29 UTC |
| 43 | CVE-2025-49493 | n/a | v3.1 MEDIUM Score: 5.8 | 1 | 2025-09-20 05:29 UTC |
| 44 | CVE-2025-9074 | Docker Desktop allows unauthenticated access to Docker Engine API from containers | v4.0 CRITICAL Score: 9.3 | 1 | 2025-09-20 05:29 UTC |
| 45 | CVE-2025-55888 | n/a | n/a | 1 | 2025-09-20 23:29 UTC |
| 46 | CVE-2025-20265 | n/a | n/a | 1 | 2025-09-20 11:29 UTC |
| 47 | CVE-2023-1545 | SQL Injection in nilsteampassnet/teampass | v3.0 HIGH Score: 7.5 | 1 | 2025-09-22 05:29 UTC |
| 48 | CVE-2025-55885 | n/a | n/a | 1 | 2025-09-20 17:29 UTC |
| 49 | CVE-2024-3094 | Xz: malicious code in distributed source | v3.1 CRITICAL Score: 10 | 1 | 2025-09-20 11:29 UTC |
| 50 | CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-09-17 23:29 UTC |
| 51 | CVE-2025-10533 | n/a | n/a | 1 | 2025-09-16 18:30 UTC |