GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.

| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-53770 Hot | Microsoft SharePoint Server Remote Code Execution Vulnerability | v3.1 CRITICAL Score: 9.8 | 35 | 2025-07-23 22:47 UTC |
| 2 | CVE-2025-27591 Hot | n/a | n/a | 8 | 2025-07-23 16:47 UTC |
| 3 | CVE-2025-32463 Hot | n/a | v3.1 CRITICAL Score: 9.3 | 6 | 2025-07-22 10:47 UTC |
| 4 | CVE-2025-48384 | Git allows arbitrary code execution through broken config quoting | v3.1 HIGH Score: 8.1 | 5 | 2025-07-20 17:04 UTC |
| 5 | CVE-2025-25257 | n/a | n/a | 5 | 2025-07-19 17:04 UTC |
| 6 | CVE-2025-34085 | WordPress Simple File List Plugin < 4.2.3 Unauthenticated Remote Code Execution | v4.0 CRITICAL Score: 10 | 4 | 2025-07-22 16:47 UTC |
| 7 | CVE-2025-47812 | n/a | v3.1 CRITICAL Score: 10 | 3 | 2025-07-17 17:04 UTC |
| 8 | CVE-2024-4947 | n/a | n/a | 3 | 2025-07-23 10:47 UTC |
| 9 | CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability | v3.1 HIGH Score: 7.1 | 3 | 2025-07-22 10:47 UTC |
| 10 | CVE-2025-5777 | NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread | v4.0 CRITICAL Score: 9.3 | 3 | 2025-07-23 16:47 UTC |
| 11 | CVE-2025-49113 | n/a | v3.1 CRITICAL Score: 9.9 | 3 | 2025-07-19 23:04 UTC |
| 12 | CVE-2022-1386 | Fusion Builder < 3.6.2 - Unauthenticated SSRF | n/a | 2 | 2025-07-22 10:47 UTC |
| 13 | CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password in GitLab | v3.1 CRITICAL Score: 10 | 2 | 2025-07-21 17:04 UTC |
| 14 | CVE-2025-7783 | n/a | n/a | 2 | 2025-07-18 17:04 UTC |
| 15 | CVE-2025-6558 | n/a | n/a | 2 | 2025-07-17 17:04 UTC |
| 16 | CVE-2021-3156 | n/a | n/a | 2 | 2025-07-18 11:04 UTC |
| 17 | CVE-2023-2598 | n/a | n/a | 2 | 2025-07-23 10:47 UTC |
| 18 | CVE-2025-2825 | n/a | n/a | 2 | 2025-07-22 10:47 UTC |
| 19 | CVE-2025-25014 | n/a | n/a | 2 | 2025-07-21 23:04 UTC |
| 20 | CVE-2025-51970 | n/a | n/a | 2 | 2025-07-20 11:04 UTC |
| 21 | CVE-2024-47575 | n/a | v3.1 CRITICAL Score: 9.8 | 2 | 2025-07-19 23:04 UTC |
| 22 | CVE-2025-7795 | n/a | n/a | 2 | 2025-07-19 17:04 UTC |
| 23 | CVE-2024-52794 | Magnific lightbox susceptible to Cross-site Scripting in Discourse | v3.1 MEDIUM Score: 6.8 | 2 | 2025-07-23 22:47 UTC |
| 24 | CVE-2025-27210 | n/a | v3.0 HIGH Score: 7.5 | 2 | 2025-07-18 17:04 UTC |
| 25 | CVE-2025-32023 | n/a | n/a | 2 | 2025-07-20 11:04 UTC |
| 26 | CVE-2024-36401 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver | v3.1 CRITICAL Score: 9.8 | 2 | 2025-07-21 23:04 UTC |
| 27 | CVE-2025-30065 | Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata | v4.0 CRITICAL Score: 10 | 2 | 2025-07-17 17:04 UTC |
| 28 | CVE-2019-7139 | n/a | n/a | 2 | 2025-07-22 05:04 UTC |
| 29 | CVE-2024-4577 | Argument Injection in PHP-CGI | v3.1 CRITICAL Score: 9.8 | 2 | 2025-07-23 04:47 UTC |
| 30 | CVE-2025-7753 | n/a | n/a | 2 | 2025-07-18 17:04 UTC |
| 31 | CVE-2025-51385 | n/a | n/a | 2 | 2025-07-22 16:47 UTC |
| 32 | CVE-2025-8018 | n/a | n/a | 2 | 2025-07-23 16:47 UTC |
| 33 | CVE-2023-51385 | n/a | n/a | 2 | 2025-07-22 16:47 UTC |
| 34 | CVE-2025-47917 | n/a | n/a | 2 | 2025-07-22 05:04 UTC |
| 35 | CVE-2021-32099 | n/a | n/a | 2 | 2025-07-18 17:04 UTC |
| 36 | CVE-2025-7766 | Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference | v4.0 HIGH Score: 8.6 | 2 | 2025-07-23 22:47 UTC |
| 37 | CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability | v3.1 HIGH Score: 7.5 | 2 | 2025-07-23 16:47 UTC |
| 38 | CVE-2024-8118 | Grafana alerting wrong permission on datasource rule write endpoint | v4.0 MEDIUM Score: 5.1 | 2 | 2025-07-21 11:04 UTC |
| 39 | CVE-2024-9264 | Grafana SQL Expressions allow for remote code execution | v4.0 CRITICAL Score: 9.4 | 2 | 2025-07-21 17:04 UTC |
| 40 | CVE-2024-6387 | Openssh: regresshion - race condition in ssh allows rce/dos | v3.1 HIGH Score: 8.1 | 2 | 2025-07-23 16:47 UTC |
| 41 | CVE-2022-26671 | TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials | v3.1 HIGH Score: 7.3 | 1 | 2025-07-22 22:47 UTC |
| 42 | CVE-2025-50716 | n/a | n/a | 1 | 2025-07-17 11:04 UTC |
| 43 | CVE-2018-14040 | n/a | n/a | 1 | 2025-07-21 11:04 UTC |
| 44 | CVE-2025-51862 | n/a | n/a | 1 | 2025-07-19 17:04 UTC |
| 45 | CVE-2025-20337 | Cisco ISE API Unauthenticated Remote Code Execution Vulnerability | v3.1 CRITICAL Score: 10 | 1 | 2025-07-19 11:04 UTC |
| 46 | CVE-2019-8331 | n/a | n/a | 1 | 2025-07-21 11:04 UTC |
| 47 | CVE-2025-29774 | xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References | v4.0 CRITICAL Score: 9.3 | 1 | 2025-07-23 16:47 UTC |
| 48 | CVE-2025-6082 | n/a | n/a | 1 | 2025-07-22 16:47 UTC |
| 49 | CVE-2025-51396 | n/a | n/a | 1 | 2025-07-20 11:04 UTC |
| 50 | CVE-2024-45195 | Apache OFBiz: Confused controller-view authorization logic (forced browsing) | n/a | 1 | 2025-07-23 04:47 UTC |
| 51 | CVE-2025-32462 | n/a | v3.1 LOW Score: 2.8 | 1 | 2025-07-21 17:04 UTC |
| 52 | CVE-2022-44136 | n/a | n/a | 1 | 2025-07-18 11:04 UTC |
| 53 | CVE-2024-20767 | ColdFusion \| Improper Access Control (CWE-284) | v3.1 HIGH Score: 7.4 | 1 | 2025-07-19 11:04 UTC |
| 54 | CVE-2025-50777 | n/a | n/a | 1 | 2025-07-23 22:47 UTC |
| 55 | CVE-2025-7840 | Campcodes Online Movie Theater Seat Reservation System Reserve Your Seat Page index.php cross site scripting | v4.0 MEDIUM Score: 5.1 | 1 | 2025-07-20 17:04 UTC |
| 56 | CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | n/a | 1 | 2025-07-19 17:04 UTC |
| 57 | CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | v3.1 CRITICAL Score: 9.8 | 1 | 2025-07-23 22:47 UTC |
| 58 | CVE-2025-49721 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-07-20 11:04 UTC |
| 59 | CVE-2025-4380 | n/a | n/a | 1 | 2025-07-20 23:04 UTC |
| 60 | CVE-2025-51401 | n/a | n/a | 1 | 2025-07-20 11:04 UTC |
| 61 | CVE-2025-51860 | n/a | n/a | 1 | 2025-07-19 11:04 UTC |
| 62 | CVE-2025-51864 | n/a | n/a | 1 | 2025-07-19 17:04 UTC |
| 63 | CVE-2025-47176 | Microsoft Outlook Remote Code Execution Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-07-18 17:04 UTC |
| 64 | CVE-2025-46099 | n/a | n/a | 1 | 2025-07-18 23:04 UTC |
| 65 | CVE-2025-51859 | n/a | n/a | 1 | 2025-07-19 11:04 UTC |
| 66 | CVE-2024-39930 | n/a | v3.1 CRITICAL Score: 9.9 | 1 | 2025-07-22 16:47 UTC |
| 67 | CVE-2025-41646 | RevPi Webstatus application is vulnerable to an authentication bypass | v3.1 CRITICAL Score: 9.8 | 1 | 2025-07-19 17:04 UTC |
| 68 | CVE-2024-6485 | XSS in Bootstrap button component | v3.1 MEDIUM Score: 6.4 | 1 | 2025-07-21 11:04 UTC |
| 69 | CVE-2025-53640 | n/a | n/a | 1 | 2025-07-19 17:04 UTC |
| 70 | CVE-2025-51865 | n/a | n/a | 1 | 2025-07-19 17:04 UTC |
| 71 | CVE-2025-51867 | n/a | n/a | 1 | 2025-07-19 17:04 UTC |
| 72 | CVE-2025-6965 | Integer Truncation on SQLite | v4.0 HIGH Score: 7.2 | 1 | 2025-07-22 16:47 UTC |
| 73 | CVE-2022-0492 | n/a | n/a | 1 | 2025-07-20 17:04 UTC |
| 74 | CVE-2025-53367 | DjVuLibre OOB-Write Vulnerability in MMRDecoder | v4.0 HIGH Score: 8.4 | 1 | 2025-07-18 17:04 UTC |
| 75 | CVE-2025-50721 | n/a | n/a | 1 | 2025-07-17 11:04 UTC |
| 76 | CVE-2025-51869 | n/a | n/a | 1 | 2025-07-19 17:04 UTC |
| 77 | CVE-2025-6058 | WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload | v3.1 CRITICAL Score: 9.8 | 1 | 2025-07-22 22:47 UTC |
| 78 | CVE-2025-51400 | n/a | n/a | 1 | 2025-07-20 11:04 UTC |
| 79 | CVE-2025-51403 | n/a | n/a | 1 | 2025-07-20 11:04 UTC |
| 80 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL Score: 9.1 | 1 | 2025-07-23 22:47 UTC |
| 81 | CVE-2025-51398 | n/a | n/a | 1 | 2025-07-20 11:04 UTC |
| 82 | CVE-2025-51397 | n/a | n/a | 1 | 2025-07-20 11:04 UTC |
| 83 | CVE-2025-31161 | n/a | v3.1 CRITICAL Score: 9.8 | 1 | 2025-07-19 23:04 UTC |
| 84 | CVE-2024-3121 | Remote Code Execution in create_conda_env function in parisneo/lollms | v3.0 MEDIUM Score: 6.8 | 1 | 2025-07-22 05:04 UTC |
| 85 | CVE-2025-51858 | n/a | n/a | 1 | 2025-07-19 11:04 UTC |
| 86 | CVE-2016-10735 | n/a | n/a | 1 | 2025-07-21 11:04 UTC |
| 87 | CVE-2024-10858 | Jetpack 13.0-14.0 - Unauthenticated DOM-XSS | n/a | 1 | 2025-07-23 16:47 UTC |
| 88 | CVE-2025-51863 | n/a | n/a | 1 | 2025-07-19 17:04 UTC |
| 89 | CVE-2025-51868 | n/a | n/a | 1 | 2025-07-19 17:04 UTC |
| 90 | CVE-2017-12637 | n/a | n/a | 1 | 2025-07-23 22:47 UTC |