GitHub CVE statistics
Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.
How to act on this data
- If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
- Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
- Switch the timeframe to spot emerging threats or long-term trends.
Rank | CVE | Title | Metrics | Repo count | Last seen |
---|---|---|---|---|---|
1 | CVE-2025-32463 Hot | n/a | v3.1 CRITICAL Score: 9.3 | 13 | 2025-07-03 09:40 UTC |
2 | CVE-2025-49144 Hot | Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path | v3.1 HIGH Score: 7.3 | 8 | 2025-07-02 09:40 UTC |
3 | CVE-2025-6218 Hot | n/a | n/a | 6 | 2025-07-03 09:40 UTC |
4 | CVE-2025-20281 | Cisco ISE API Unauthenticated Remote Code Execution Vulnerability | v3.1 CRITICAL Score: 9.8 | 6 | 2025-07-03 03:40 UTC |
5 | CVE-2025-47812 | n/a | n/a | 5 | 2025-07-03 03:40 UTC |
6 | CVE-2024-27388 | SUNRPC: fix some memleaks in gssx_dec_option_array | n/a | 4 | 2025-06-30 15:40 UTC |
7 | CVE-2025-6934 | Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user' | v3.1 CRITICAL Score: 9.8 | 3 | 2025-07-02 15:40 UTC |
8 | CVE-2025-5777 | NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread | v4.0 CRITICAL Score: 9.3 | 3 | 2025-06-30 15:40 UTC |
9 | CVE-2025-32462 | n/a | v3.1 LOW Score: 2.8 | 3 | 2025-07-03 09:40 UTC |
10 | CVE-2021-41773 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | n/a | 2 | 2025-07-02 21:40 UTC |
11 | CVE-2025-31650 | Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame | n/a | 2 | 2025-07-02 03:40 UTC |
12 | CVE-2025-6543 | Memory overflow vulnerability leading to unintended control flow and Denial of Service | v4.0 CRITICAL Score: 9.2 | 2 | 2025-06-30 09:40 UTC |
13 | CVE-2024-40898 | Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows | n/a | 2 | 2025-06-30 15:40 UTC |
14 | CVE-2024-39930 | n/a | v3.1 CRITICAL Score: 9.9 | 2 | 2025-07-01 21:40 UTC |
15 | CVE-2025-30208 | Vite bypasses server.fs.deny when using `?raw??` | v3.1 MEDIUM Score: 5.3 | 2 | 2025-06-29 15:40 UTC |
16 | CVE-2018-6574 | n/a | n/a | 2 | 2025-07-02 03:40 UTC |
17 | CVE-2023-5561 | WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure | n/a | 2 | 2025-07-01 09:40 UTC |
18 | CVE-2022-2586 | n/a | v3.1 MEDIUM Score: 5.3 | 1 | 2025-06-30 21:40 UTC |
19 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL Score: 9.1 | 1 | 2025-06-29 15:40 UTC |
20 | CVE-2024-54085 | Redfish Authentication Bypass | v4.0 CRITICAL Score: 10 | 1 | 2025-06-30 03:40 UTC |
21 | CVE-2022-25869 | Cross-site Scripting (XSS) | v3.1 MEDIUM Score: 4.2 | 1 | 2025-07-02 09:40 UTC |
22 | CVE-2025-48703 | n/a | n/a | 1 | 2025-06-26 16:43 UTC |
23 | CVE-2024-8636 | n/a | n/a | 1 | 2025-07-02 09:40 UTC |
24 | CVE-2024-8193 | n/a | n/a | 1 | 2025-07-02 09:40 UTC |
25 | CVE-2025-47175 | Microsoft PowerPoint Remote Code Execution Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-07-02 15:40 UTC |
26 | CVE-2022-46169 | Unauthenticated Command Injection | v3.1 CRITICAL Score: 9.8 | 1 | 2025-07-02 09:40 UTC |
27 | CVE-2024-6345 | Remote Code Execution in pypa/setuptools | v3.0 HIGH Score: 8.8 | 1 | 2025-07-01 03:40 UTC |
28 | CVE-2025-38089 | sunrpc: handle SVC_GARBAGE during svc auth processing as auth error | n/a | 1 | 2025-07-02 09:40 UTC |
29 | CVE-2024-8198 | n/a | n/a | 1 | 2025-07-02 09:40 UTC |
30 | CVE-2014-0160 | n/a | n/a | 1 | 2025-06-28 03:40 UTC |
31 | CVE-2023-5180 | Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12 | v3.1 HIGH Score: 7.8 | 1 | 2025-06-27 09:40 UTC |
32 | CVE-2025-6019 | Libblockdev: lpe from allow_active to root in libblockdev via udisks | v3.1 HIGH Score: 7 | 1 | 2025-06-29 15:40 UTC |
33 | CVE-2025-4664 | n/a | n/a | 1 | 2025-06-30 21:40 UTC |
34 | CVE-2025-4334 | Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation | v3.1 CRITICAL Score: 9.8 | 1 | 2025-06-26 16:43 UTC |
35 | CVE-2025-6855 | n/a | n/a | 1 | 2025-07-02 21:40 UTC |
36 | CVE-2025-49493 | n/a | v3.1 MEDIUM Score: 5.8 | 1 | 2025-07-01 21:40 UTC |
37 | CVE-2022-22965 | n/a | n/a | 1 | 2025-06-28 15:40 UTC |
38 | CVE-2024-3094 | Xz: malicious code in distributed source | v3.1 CRITICAL Score: 10 | 1 | 2025-06-27 21:40 UTC |
39 | CVE-2025-49029 | WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability | v3.1 CRITICAL Score: 9.1 | 1 | 2025-07-01 21:40 UTC |
40 | CVE-2025-6860 | SourceCodester Best Salon Management System staff_commision.php sql injection | v4.0 MEDIUM Score: 5.3 | 1 | 2025-06-30 03:40 UTC |
41 | CVE-2025-1562 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation | v3.1 CRITICAL Score: 9.8 | 1 | 2025-06-27 09:40 UTC |
42 | CVE-2024-7966 | n/a | n/a | 1 | 2025-07-02 09:40 UTC |
43 | CVE-2024-43425 | Moodle: remote code execution via calculated question types | v3.1 HIGH Score: 8.1 | 1 | 2025-06-28 09:40 UTC |
44 | CVE-2022-0847 | n/a | n/a | 1 | 2025-07-01 21:40 UTC |
45 | CVE-2024-4367 | n/a | n/a | 1 | 2025-06-28 21:40 UTC |
46 | CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | v3.1 HIGH Score: 8.8 | 1 | 2025-06-28 21:40 UTC |