GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.

| Rank | CVE | Title | Metrics | Repo count | Last seen |
|------|-----|-------|---------|------------|-----------|
| 1 | CVE-2025-8088 Hot | n/a | n/a | 6 | 2025-09-18 11:29 UTC |
| 2 | CVE-2024-28397 Hot | n/a | n/a | 5 | 2025-09-17 23:29 UTC |
| 3 | CVE-2025-57819 Hot | FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE | v4.0 CRITICAL Score: 10 | 3 | 2025-09-14 18:30 UTC |
| 4 | CVE-2025-55234 | Windows SMB Elevation of Privilege Vulnerability | v3.1 HIGH Score: 8.8 | 3 | 2025-09-15 06:30 UTC |
| 5 | CVE-2025-44228 | n/a | n/a | 3 | 2025-09-15 00:30 UTC |
| 6 | CVE-2025-48384 | Git allows arbitrary code execution through broken config quoting | v3.1 HIGH Score: 8.1 | 3 | 2025-09-13 06:30 UTC |
| 7 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL Score: 9.1 | 3 | 2025-09-17 11:29 UTC |
| 8 | CVE-2025-59359 | n/a | n/a | 2 | 2025-09-18 05:29 UTC |
| 9 | CVE-2019-3396 | n/a | n/a | 2 | 2025-09-16 12:30 UTC |
| 10 | CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | n/a | 2 | 2025-09-15 00:30 UTC |
| 11 | CVE-2025-53770 | Microsoft SharePoint Server Remote Code Execution Vulnerability | v3.1 CRITICAL Score: 9.8 | 2 | 2025-09-13 12:30 UTC |
| 12 | CVE-2024-3094 | Xz: malicious code in distributed source | v3.1 CRITICAL Score: 10 | 2 | 2025-09-12 06:30 UTC |
| 13 | CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability | v3.1 HIGH Score: 7.5 | 2 | 2025-09-16 06:30 UTC |
| 14 | CVE-2024-1709 | Authentication bypass using an alternate path or channel | v3.1 CRITICAL Score: 10 | 2 | 2025-09-17 11:29 UTC |
| 15 | CVE-2025-27210 | n/a | v3.0 HIGH Score: 7.5 | 2 | 2025-09-16 12:30 UTC |
| 16 | CVE-2025-56019 | n/a | n/a | 2 | 2025-09-13 06:30 UTC |
| 17 | CVE-2025-54918 | Windows NTLM Elevation of Privilege Vulnerability | v3.1 HIGH Score: 8.8 | 2 | 2025-09-17 11:29 UTC |
| 18 | CVE-2014-6287 | n/a | n/a | 2 | 2025-09-16 18:30 UTC |
| 19 | CVE-2025-8571 | Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page | v4.0 MEDIUM Score: 4.8 | 2 | 2025-09-12 18:30 UTC |
| 20 | CVE-2025-3248 | Langflow Unauth RCE | v3.1 CRITICAL Score: 9.8 | 2 | 2025-09-17 11:29 UTC |
| 21 | CVE-2025-48543 | n/a | n/a | 2 | 2025-09-14 18:30 UTC |
| 22 | CVE-2025-4123 | n/a | v3.1 MEDIUM Score: 6.8 | 2 | 2025-09-12 12:30 UTC |
| 23 | CVE-2025-21692 | net: sched: fix ets qdisc OOB Indexing | n/a | 2 | 2025-09-14 18:30 UTC |
| 24 | CVE-2025-24799 | GLPI allows unauthenticated SQL injection through the inventory endpoint | v3.1 HIGH Score: 7.5 | 2 | 2025-09-16 18:30 UTC |
| 25 | CVE-2024-4157 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues | v3.1 HIGH Score: 7.5 | 2 | 2025-09-17 11:29 UTC |
| 26 | CVE-2025-8570 | BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter | v3.1 CRITICAL Score: 9.8 | 2 | 2025-09-12 18:30 UTC |
| 27 | CVE-2010-1240 | n/a | n/a | 2 | 2025-09-17 11:29 UTC |
| 28 | CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 2 | 2025-09-12 18:30 UTC |
| 29 | CVE-2023-30258 | n/a | n/a | 1 | 2025-09-18 17:29 UTC |
| 30 | CVE-2025-29306 | n/a | n/a | 1 | 2025-09-18 05:29 UTC |
| 31 | CVE-2024-45712 | SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability | v3.1 LOW Score: 2.6 | 1 | 2025-09-17 11:29 UTC |
| 32 | CVE-2025-38501 | n/a | n/a | 1 | 2025-09-15 12:30 UTC |
| 33 | CVE-2025-12654 | n/a | n/a | 1 | 2025-09-15 00:30 UTC |
| 34 | CVE-2025-9074 | Docker Desktop allows unauthenticated access to Docker Engine API from containers | v4.0 CRITICAL Score: 9.3 | 1 | 2025-09-16 00:30 UTC |
| 35 | CVE-2024-1708 | Improper limitation of a pathname to a restricted directory (“path traversal”) | v3.1 HIGH Score: 8.4 | 1 | 2025-09-17 11:29 UTC |
| 36 | CVE-2025-2945 | pgAdmin 4: Remote Code Execution in Query Tool and Cloud Deployment | v3.1 CRITICAL Score: 9.9 | 1 | 2025-09-13 12:30 UTC |
| 37 | CVE-2025-49144 | Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path | v3.1 HIGH Score: 7.3 | 1 | 2025-09-17 17:29 UTC |
| 38 | CVE-2025-51006 | n/a | n/a | 1 | 2025-09-12 18:30 UTC |
| 39 | CVE-2024-4701 | Path Traversal vulnerability via File Uploads in Genie | v3.1 CRITICAL Score: 9.9 | 1 | 2025-09-12 12:30 UTC |
| 40 | CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1 CRITICAL Score: 10 | 1 | 2025-09-18 17:29 UTC |
| 41 | CVE-2024-9264 | Grafana SQL Expressions allow for remote code execution | v4.0 CRITICAL Score: 9.4 | 1 | 2025-09-13 06:30 UTC |
| 42 | CVE-2025-59376 | n/a | n/a | 1 | 2025-09-15 18:30 UTC |
| 43 | CVE-2025-31161 | n/a | v3.1 CRITICAL Score: 9.8 | 1 | 2025-09-15 06:30 UTC |
| 44 | CVE-2024-6387 | Openssh: regresshion - race condition in ssh allows rce/dos | v3.1 HIGH Score: 8.1 | 1 | 2025-09-13 06:30 UTC |
| 45 | CVE-2025-53772 | n/a | n/a | 1 | 2025-09-18 17:29 UTC |
| 46 | CVE-2025-50944 | n/a | n/a | 1 | 2025-09-14 00:30 UTC |
| 47 | CVE-2024-43630 | Windows Kernel Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-09-17 23:29 UTC |
| 48 | CVE-2025-9776 | n/a | n/a | 1 | 2025-09-13 06:30 UTC |
| 49 | CVE-2025-3639 | n/a | n/a | 1 | 2025-09-13 06:30 UTC |
| 50 | CVE-2025-46408 | n/a | n/a | 1 | 2025-09-14 00:30 UTC |
| 51 | CVE-2007-2447 | n/a | n/a | 1 | 2025-09-13 12:30 UTC |
| 52 | CVE-2025-55996 | n/a | n/a | 1 | 2025-09-12 06:30 UTC |
| 53 | CVE-2021-22600 | Double Free in net/packet/af_packet.c leading to priviledge escalation | v3.1 MEDIUM Score: 6.6 | 1 | 2025-09-17 11:29 UTC |
| 54 | CVE-2025-10533 | n/a | n/a | 1 | 2025-09-16 18:30 UTC |
| 55 | CVE-2021-3493 | n/a | v3.1 HIGH Score: 8.8 | 1 | 2025-09-13 18:30 UTC |
| 56 | CVE-2025-50110 | n/a | n/a | 1 | 2025-09-14 00:30 UTC |
| 57 | CVE-2024-42009 | n/a | n/a | 1 | 2025-09-15 00:30 UTC |
| 58 | CVE-2025-59377 | n/a | n/a | 1 | 2025-09-15 18:30 UTC |
| 59 | CVE-2025-54914 | Azure Networking Elevation of Privilege Vulnerability | v3.1 CRITICAL Score: 10 | 1 | 2025-09-12 18:30 UTC |
| 60 | CVE-2025-54106 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | v3.1 HIGH Score: 8.8 | 1 | 2025-09-16 18:30 UTC |
| 61 | CVE-2025-54309 | n/a | v3.1 CRITICAL Score: 9 | 1 | 2025-09-13 12:30 UTC |