GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.

Rank | CVE | Title | Metrics | Repo count | Last seen
1 | CVE-2025-32463 Hot | n/a | v3.1 CRITICAL Score: 9.3 | 33 | 2025-07-05 21:40 UTC
2 | CVE-2025-32462 Hot | n/a | v3.1 LOW Score: 2.8 | 11 | 2025-07-04 21:40 UTC
3 | CVE-2025-47812 Hot | n/a | n/a | 7 | 2025-07-04 21:40 UTC
4 | CVE-2025-20281 | Cisco ISE API Unauthenticated Remote Code Execution Vulnerability | v3.1 CRITICAL Score: 9.8 | 6 | 2025-07-04 15:40 UTC
5 | CVE-2025-5777 | NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread | v4.0 CRITICAL Score: 9.3 | 6 | 2025-07-05 15:40 UTC
6 | CVE-2025-6218 | n/a | n/a | 5 | 2025-07-03 09:40 UTC
7 | CVE-2025-6554 | n/a | n/a | 4 | 2025-07-05 21:40 UTC
8 | CVE-2024-27388 | SUNRPC: fix some memleaks in gssx_dec_option_array | n/a | 3 | 2025-06-30 15:40 UTC
9 | CVE-2025-6543 | Memory overflow vulnerability leading to unintended control flow and Denial of Service | v4.0 CRITICAL Score: 9.2 | 3 | 2025-07-03 21:40 UTC
10 | CVE-2025-6019 | Libblockdev: lpe from allow_active to root in libblockdev via udisks | v3.1 HIGH Score: 7 | 3 | 2025-07-03 15:40 UTC
11 | CVE-2025-6934 | Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' | v3.1 CRITICAL Score: 9.8 | 3 | 2025-07-02 15:40 UTC
12 | CVE-2025-49493 | n/a | v3.1 MEDIUM Score: 5.8 | 3 | 2025-07-05 15:40 UTC
13 | CVE-2025-45407 | n/a | n/a | 3 | 2025-07-03 15:40 UTC
14 | CVE-2024-4040 | Unauthenticated arbitrary file read and remote code execution in CrushFTP | v3.1 CRITICAL Score: 9.8 | 2 | 2025-07-04 15:40 UTC
15 | CVE-2018-6574 | n/a | n/a | 2 | 2025-07-02 03:40 UTC
16 | CVE-2024-40898 | Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows | n/a | 2 | 2025-06-30 15:40 UTC
17 | CVE-2024-39930 | n/a | v3.1 CRITICAL Score: 9.9 | 2 | 2025-07-01 21:40 UTC
18 | CVE-2021-41773 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | n/a | 2 | 2025-07-02 21:40 UTC
19 | CVE-2025-41646 | RevPi Webstatus application is vulnerable to an authentication bypass | v3.1 CRITICAL Score: 9.8 | 2 | 2025-07-04 09:40 UTC
20 | CVE-2025-0411 | 7-Zip Mark-of-the-Web Bypass Vulnerability | v3.0 HIGH Score: 7 | 2 | 2025-07-05 15:40 UTC
21 | CVE-2024-48061 | n/a | n/a | 2 | 2025-07-03 21:40 UTC
22 | CVE-2023-5561 | WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure | n/a | 2 | 2025-07-01 09:40 UTC
23 | CVE-2025-49596 | MCP Inspector proxy server lacks authentication between the Inspector client and proxy | v4.0 CRITICAL Score: 9.4 | 2 | 2025-07-03 21:40 UTC
24 | CVE-2025-49144 | Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path | v3.1 HIGH Score: 7.3 | 2 | 2025-07-02 09:40 UTC
25 | CVE-2022-25869 | Cross-site Scripting (XSS) | v3.1 MEDIUM Score: 4.2 | 1 | 2025-07-02 09:40 UTC
26 | CVE-2025-29629 | n/a | n/a | 1 | 2025-07-04 21:40 UTC
27 | CVE-2024-42364 | homepage DNS rebinding vulnerability (GHSL-2024-096) | v3.1 MEDIUM Score: 6.5 | 1 | 2025-07-05 21:40 UTC
28 | CVE-2024-8636 | n/a | n/a | 1 | 2025-07-02 09:40 UTC
29 | CVE-2024-8193 | n/a | n/a | 1 | 2025-07-02 09:40 UTC
30 | CVE-2025-47175 | Microsoft PowerPoint Remote Code Execution Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-07-02 15:40 UTC
31 | CVE-2022-46169 | Unauthenticated Command Injection | v3.1 CRITICAL Score: 9.8 | 1 | 2025-07-02 09:40 UTC
32 | CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability | v3.1 MEDIUM Score: 6.5 | 1 | 2025-07-05 09:40 UTC
33 | CVE-2025-5961 | n/a | n/a | 1 | 2025-07-04 15:40 UTC
34 | CVE-2025-38089 | sunrpc: handle SVC_GARBAGE during svc auth processing as auth error | n/a | 1 | 2025-07-02 09:40 UTC
35 | CVE-2025-49132 | n/a | n/a | 1 | 2025-07-04 09:40 UTC
36 | CVE-2024-8198 | n/a | n/a | 1 | 2025-07-02 09:40 UTC
37 | CVE-2024-6345 | Remote Code Execution in pypa/setuptools | v3.0 HIGH Score: 8.8 | 1 | 2025-07-01 03:40 UTC
38 | CVE-2021-29447 | WordPress Authenticated XXE attack when installation is running PHP 8 | v3.1 HIGH Score: 7.1 | 1 | 2025-07-04 09:40 UTC
39 | CVE-2025-31650 | Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame | n/a | 1 | 2025-07-02 03:40 UTC
40 | CVE-2025-4664 | n/a | n/a | 1 | 2025-06-30 21:40 UTC
41 | CVE-2025-6018 | n/a | n/a | 1 | 2025-07-03 15:40 UTC
42 | CVE-2025-6855 | n/a | n/a | 1 | 2025-07-02 21:40 UTC
43 | CVE-2025-27817 | n/a | n/a | 1 | 2025-07-04 03:40 UTC
44 | CVE-2025-23968 | n/a | n/a | 1 | 2025-07-03 21:40 UTC
45 | CVE-2018-4386 | n/a | n/a | 1 | 2025-07-03 15:40 UTC
46 | CVE-2025-30208 | Vite bypasses server.fs.deny when using `?raw??` | v3.1 MEDIUM Score: 5.3 | 1 | 2025-06-29 15:40 UTC
47 | CVE-2025-49029 | WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability | v3.1 CRITICAL Score: 9.1 | 1 | 2025-07-01 21:40 UTC
48 | CVE-2025-6860 | SourceCodester Best Salon Management System staff_commision.php sql injection | v4.0 MEDIUM Score: 5.3 | 1 | 2025-06-30 03:40 UTC
49 | CVE-2025-29630 | n/a | n/a | 1 | 2025-07-04 21:40 UTC
50 | CVE-2024-7966 | n/a | n/a | 1 | 2025-07-02 09:40 UTC
51 | CVE-2022-0847 | n/a | n/a | 1 | 2025-07-01 21:40 UTC
52 | CVE-2024-28084 | n/a | n/a | 1 | 2025-07-05 21:40 UTC
53 | CVE-2025-22963 | n/a | v3.1 HIGH Score: 7.5 | 1 | 2025-07-05 09:40 UTC
54 | CVE-2022-2586 | n/a | v3.1 MEDIUM Score: 5.3 | 1 | 2025-06-30 21:40 UTC
55 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL Score: 9.1 | 1 | 2025-06-29 15:40 UTC
56 | CVE-2024-54085 | Redfish Authentication Bypass | v4.0 CRITICAL Score: 10 | 1 | 2025-06-30 03:40 UTC
57 | CVE-2025-29628 | n/a | n/a | 1 | 2025-07-04 21:40 UTC
58 | CVE-2025-29631 | n/a | n/a | 1 | 2025-07-04 21:40 UTC
59 | CVE-2024-35198 | TorchServe bypass allowed_urls configuration | v3.1 CRITICAL Score: 9.8 | 1 | 2025-07-05 21:40 UTC
60 | CVE-2024-9264 | Grafana SQL Expressions allow for remote code execution | v4.0 CRITICAL Score: 9.4 | 1 | 2025-07-05 15:40 UTC