GitHub CVE statistics
Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.
How to act on this data
- If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
- Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
- Switch the timeframe to spot emerging threats or long-term trends.
| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-48384 Hot | Git allows arbitrary code execution through broken config quoting |
v3.1
HIGH
Score: 8.1
|
9 | 2025-08-29 15:33 UTC |
| 2 | CVE-2025-57819 Hot | FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE |
v4.0
CRITICAL
Score: 10
|
4 | 2025-08-29 15:33 UTC |
| 3 | CVE-2025-8088 Hot | n/a | n/a | 4 | 2025-08-27 21:33 UTC |
| 4 | CVE-2025-7775 | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service |
v4.0
CRITICAL
Score: 9.2
|
3 | 2025-08-28 09:33 UTC |
| 5 | CVE-2025-32463 | n/a |
v3.1
CRITICAL
Score: 9.3
|
3 | 2025-08-27 21:33 UTC |
| 6 | CVE-2025-34040 | Zhiyuan OA System Path Traversal File Upload |
v4.0
CRITICAL
Score: 10
|
2 | 2025-08-29 09:33 UTC |
| 7 | CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE |
v3.1
CRITICAL
Score: 10
|
2 | 2025-08-28 15:33 UTC |
| 8 | CVE-2025-31200 | n/a | n/a | 2 | 2025-08-28 15:33 UTC |
| 9 | CVE-2025-55579 | n/a | n/a | 2 | 2025-08-29 15:33 UTC |
| 10 | CVE-2018-19323 | n/a | n/a | 2 | 2025-08-27 15:32 UTC |
| 11 | CVE-2023-45539 | n/a | n/a | 2 | 2025-08-27 09:33 UTC |
| 12 | CVE-2025-55763 | n/a | n/a | 2 | 2025-08-29 15:33 UTC |
| 13 | CVE-2025-5419 | n/a | n/a | 2 | 2025-08-29 03:33 UTC |
| 14 | CVE-2025-52100 | n/a | n/a | 2 | 2025-08-29 09:33 UTC |
| 15 | CVE-2025-49113 | n/a |
v3.1
CRITICAL
Score: 9.9
|
2 | 2025-08-29 21:33 UTC |
| 16 | CVE-2025-55580 | n/a | n/a | 2 | 2025-08-29 15:33 UTC |
| 17 | CVE-2025-55188 | n/a | n/a | 2 | 2025-08-29 09:33 UTC |
| 18 | CVE-2007-2447 | n/a | n/a | 2 | 2025-08-27 15:32 UTC |
| 19 | CVE-2025-54309 | n/a |
v3.1
CRITICAL
Score: 9
|
2 | 2025-08-29 03:33 UTC |
| 20 | CVE-2024-5083 | Nexus Repository 2 - Stored XSS |
v4.0
MEDIUM
Score: 5.1
|
1 | 2025-08-27 15:32 UTC |
| 21 | CVE-2025-34159 | n/a | n/a | 1 | 2025-08-27 21:33 UTC |
| 22 | CVE-2024-28397 | n/a | n/a | 1 | 2025-08-28 09:33 UTC |
| 23 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware |
v3.1
CRITICAL
Score: 9.1
|
1 | 2025-08-28 09:33 UTC |
| 24 | CVE-2022-20421 | n/a | n/a | 1 | 2025-08-29 03:33 UTC |
| 25 | CVE-2025-46724 | n/a | n/a | 1 | 2025-08-27 09:33 UTC |
| 26 | CVE-2024-12877 | GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection |
v3.1
CRITICAL
Score: 9.8
|
1 | 2025-08-28 21:32 UTC |
| 27 | CVE-2025-38676 | n/a | n/a | 1 | 2025-08-27 03:33 UTC |
| 28 | CVE-2025-7955 | RingCentral Communications 1.5 - 1.6.8 - Missing Server‑Side Verification to Authentication Bypass via ringcentral_admin_login_2fa_verify Function |
v3.1
CRITICAL
Score: 9.8
|
1 | 2025-08-28 15:33 UTC |
| 29 | CVE-2025-34161 | Coolify Git Repository Field Command Injection in Project Deployment Workflow |
v4.0
CRITICAL
Score: 9.4
|
1 | 2025-08-27 21:33 UTC |
| 30 | CVE-2025-47987 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 7.8
|
1 | 2025-08-28 21:32 UTC |
| 31 | CVE-2025-6934 | Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' |
v3.1
CRITICAL
Score: 9.8
|
1 | 2025-08-27 15:32 UTC |
| 32 | CVE-2025-0309 | n/a | n/a | 1 | 2025-08-29 15:33 UTC |