GitHub CVE statistics
Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.
How to act on this data
- If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
- Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
- Switch the timeframe to spot emerging threats or long-term trends.
| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-46801 Hot | n/a | n/a | 8 | 2025-05-23 15:31 UTC |
| 2 | CVE-2025-4918 Hot | n/a | n/a | 7 | 2025-05-23 15:31 UTC |
| 3 | CVE-2025-4123 Hot | n/a |
v3.1
HIGH
Score: 7.6
|
4 | 2025-05-23 15:31 UTC |
| 4 | CVE-2025-4322 | n/a | n/a | 3 | 2025-05-22 15:31 UTC |
| 5 | CVE-2024-21762 | n/a |
v3.1
CRITICAL
Score: 9.6
|
2 | 2025-05-22 21:31 UTC |
| 6 | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability |
v3.1
MEDIUM
Score: 6.5
|
2 | 2025-05-20 00:11 UTC |
| 7 | CVE-2025-4921 | n/a | n/a | 2 | 2025-05-18 02:05 UTC |
| 8 | CVE-2025-29813 | n/a | n/a | 2 | 2025-05-20 00:11 UTC |
| 9 | CVE-2025-4664 | n/a | n/a | 2 | 2025-05-18 08:05 UTC |
| 10 | CVE-2025-12654 | n/a | n/a | 2 | 2025-05-21 21:31 UTC |
| 11 | CVE-2021-38003 | n/a | n/a | 2 | 2025-05-20 00:11 UTC |
| 12 | CVE-2025-31200 | n/a | n/a | 2 | 2025-05-18 02:05 UTC |
| 13 | CVE-2025-44228 | n/a | n/a | 2 | 2025-05-21 21:31 UTC |
| 14 | CVE-2024-4577 | Argument Injection in PHP-CGI |
v3.1
CRITICAL
Score: 9.8
|
2 | 2025-05-20 00:11 UTC |
| 15 | CVE-2025-46822 | Unauthenticated Arbitrary File Read via Absolute Path |
v4.0
HIGH
Score: 7.7
|
2 | 2025-05-23 12:24 UTC |
| 16 | CVE-2024-12583 | Dynamics 365 Integration <= 1.3.23 - Authenticated (Contributor+) Remote Code Execution and Arbitrary File Read via Twig Server-Side Template Injection |
v3.1
CRITICAL
Score: 9.9
|
2 | 2025-05-23 15:31 UTC |
| 17 | CVE-2025-47646 | n/a | n/a | 2 | 2025-05-20 12:11 UTC |
| 18 | CVE-2025-4611 | Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode |
v3.1
MEDIUM
Score: 6.4
|
2 | 2025-05-23 12:24 UTC |
| 19 | CVE-2025-47827 | n/a | n/a | 2 | 2025-05-20 12:11 UTC |
| 20 | CVE-2025-24085 | n/a | n/a | 2 | 2025-05-21 00:11 UTC |
| 21 | CVE-2024-9463 | Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure |
v4.0
CRITICAL
Score: 9.9
|
2 | 2025-05-22 21:31 UTC |
| 22 | CVE-2025-31161 | n/a |
v3.1
CRITICAL
Score: 9.8
|
2 | 2025-05-23 21:31 UTC |
| 23 | CVE-2025-4427 | Authentication Bypass |
v3.1
MEDIUM
Score: 5.3
|
2 | 2025-05-17 15:35 UTC |
| 24 | CVE-2024-53677 | Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks |
v4.0
CRITICAL
Score: 9.5
|
2 | 2025-05-20 09:00 UTC |
| 25 | CVE-2021-41773 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | n/a | 2 | 2025-05-20 00:11 UTC |
| 26 | CVE-2025-2135 | n/a | n/a | 1 | 2025-05-20 00:11 UTC |
| 27 | CVE-2025-40775 | DNS message with invalid TSIG causes an assertion failure |
v3.1
HIGH
Score: 7.5
|
1 | 2025-05-23 06:54 UTC |
| 28 | CVE-2025-44108 | n/a | n/a | 1 | 2025-05-22 09:31 UTC |
| 29 | CVE-2025-44998 | n/a | n/a | 1 | 2025-05-23 06:54 UTC |
| 30 | CVE-2025-5058 | n/a | n/a | 1 | 2025-05-23 21:31 UTC |
| 31 | CVE-2025-24104 | n/a | n/a | 1 | 2025-05-18 20:05 UTC |
| 32 | CVE-2011-0762 | n/a | n/a | 1 | 2025-05-20 00:11 UTC |
| 33 | CVE-2024-56428 | n/a | n/a | 1 | 2025-05-21 09:31 UTC |
| 34 | CVE-2025-24799 | GLPI allows unauthenticated SQL injection through the inventory endpoint |
v3.1
HIGH
Score: 7.5
|
1 | 2025-05-22 21:31 UTC |
| 35 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware |
v3.1
CRITICAL
Score: 9.1
|
1 | 2025-05-23 12:24 UTC |
| 36 | CVE-2022-46169 | Unauthenticated Command Injection |
v3.1
CRITICAL
Score: 9.8
|
1 | 2025-05-21 15:31 UTC |
| 37 | CVE-2025-37899 | n/a | n/a | 1 | 2025-05-22 15:31 UTC |
| 38 | CVE-2025-2294 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion |
v3.1
CRITICAL
Score: 9.8
|
1 | 2025-05-24 09:31 UTC |
| 39 | CVE-2024-41713 | n/a | n/a | 1 | 2025-05-18 14:05 UTC |
| 40 | CVE-2024-56429 | n/a | n/a | 1 | 2025-05-21 09:31 UTC |
| 41 | CVE-2023-38840 | n/a | n/a | 1 | 2025-05-21 09:31 UTC |
| 42 | CVE-2013-4786 | n/a | n/a | 1 | 2025-05-23 12:24 UTC |
| 43 | CVE-2025-32756 | n/a | n/a | 1 | 2025-05-18 14:05 UTC |
| 44 | CVE-2025-4919 | n/a | n/a | 1 | 2025-05-20 00:11 UTC |
| 45 | CVE-2024-3661 | DHCP routing options can manipulate interface-based VPN traffic |
v3.1
HIGH
Score: 7.6
|
1 | 2025-05-23 12:24 UTC |
| 46 | CVE-2024-3094 | Xz: malicious code in distributed source |
v3.1
CRITICAL
Score: 10
|
1 | 2025-05-20 12:11 UTC |
| 47 | CVE-2024-9474 | PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface |
v4.0
MEDIUM
Score: 5.9
|
1 | 2025-05-21 09:31 UTC |
| 48 | CVE-2024-0012 | PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) |
v4.0
MEDIUM
Score: 5.9
|
1 | 2025-05-21 09:31 UTC |
| 49 | CVE-2018-6574 | n/a | n/a | 1 | 2025-05-22 15:31 UTC |
| 50 | CVE-2025-47181 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 8.8
|
1 | 2025-05-23 21:31 UTC |
| 51 | CVE-2025-40634 | n/a | n/a | 1 | 2025-05-20 18:28 UTC |
| 52 | CVE-2025-30400 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 7.8
|
1 | 2025-05-23 21:31 UTC |
| 53 | CVE-2024-44258 | n/a | n/a | 1 | 2025-05-18 02:05 UTC |
| 54 | CVE-2025-47539 | n/a | n/a | 1 | 2025-05-18 02:05 UTC |