GitHub CVE statistics
Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.
How to act on this data
- If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
- Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
- Switch the timeframe to spot emerging threats or long-term trends.
| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-4427 Hot | Authentication Bypass |
v3.1
MEDIUM
Score: 5.3
|
5 | 2025-05-17 15:35 UTC |
| 2 | CVE-2025-24203 Hot | n/a | n/a | 4 | 2025-05-13 21:19 UTC |
| 3 | CVE-2025-4094 Hot | n/a | n/a | 4 | 2025-05-15 15:36 UTC |
| 4 | CVE-2021-4034 | n/a | n/a | 3 | 2025-05-17 09:35 UTC |
| 5 | CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | n/a | 3 | 2025-05-15 15:36 UTC |
| 6 | CVE-2024-4577 | Argument Injection in PHP-CGI |
v3.1
CRITICAL
Score: 9.8
|
2 | 2025-05-12 07:17 UTC |
| 7 | CVE-2025-31258 | n/a | n/a | 2 | 2025-05-15 05:11 UTC |
| 8 | CVE-2025-27636 | Apache Camel: Camel Message Header Injection via Improper Filtering | n/a | 2 | 2025-05-14 20:59 UTC |
| 9 | CVE-2025-32407 | n/a | n/a | 2 | 2025-05-14 20:59 UTC |
| 10 | CVE-2025-0411 | 7-Zip Mark-of-the-Web Bypass Vulnerability |
v3.0
HIGH
Score: 7
|
2 | 2025-05-11 21:02 UTC |
| 11 | CVE-2024-37010 | n/a | n/a | 2 | 2025-05-14 20:59 UTC |
| 12 | CVE-2025-4428 | Remote Code Execution |
v3.1
HIGH
Score: 7.2
|
2 | 2025-05-16 03:44 UTC |
| 13 | CVE-2022-21661 | SQL injection in WordPress |
v3.1
HIGH
Score: 8
|
2 | 2025-05-13 06:37 UTC |
| 14 | CVE-2024-3661 | DHCP routing options can manipulate interface-based VPN traffic |
v3.1
HIGH
Score: 7.6
|
2 | 2025-05-16 21:18 UTC |
| 15 | CVE-2024-51793 | WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability |
v3.1
CRITICAL
Score: 10
|
2 | 2025-05-16 00:32 UTC |
| 16 | CVE-2015-3306 | n/a | n/a | 2 | 2025-05-14 14:59 UTC |
| 17 | CVE-2025-31200 | n/a | n/a | 2 | 2025-05-18 02:05 UTC |
| 18 | CVE-2025-4664 | n/a | n/a | 2 | 2025-05-18 08:05 UTC |
| 19 | CVE-2025-3248 | Langflow Unauth RCE |
v3.1
CRITICAL
Score: 9.8
|
2 | 2025-05-13 21:19 UTC |
| 20 | CVE-2025-4921 | n/a | n/a | 2 | 2025-05-18 02:05 UTC |
| 21 | CVE-2025-32756 | n/a | n/a | 2 | 2025-05-15 05:11 UTC |
| 22 | CVE-2025-24132 | n/a | n/a | 1 | 2025-05-14 14:59 UTC |
| 23 | CVE-2025-4688 | n/a | n/a | 1 | 2025-05-16 00:32 UTC |
| 24 | CVE-2025-4822 | n/a | n/a | 1 | 2025-05-16 15:27 UTC |
| 25 | CVE-2025-4686 | n/a | n/a | 1 | 2025-05-16 00:32 UTC |
| 26 | CVE-2025-44228 | n/a | n/a | 1 | 2025-05-17 15:35 UTC |
| 27 | CVE-2025-12654 | n/a | n/a | 1 | 2025-05-17 15:35 UTC |
| 28 | CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 7.8
|
1 | 2025-05-14 05:22 UTC |
| 29 | CVE-2025-3605 | n/a | n/a | 1 | 2025-05-16 00:32 UTC |
| 30 | CVE-2023-20198 | n/a |
v3.1
CRITICAL
Score: 10
|
1 | 2025-05-16 00:32 UTC |
| 31 | CVE-2024-55466 | n/a | n/a | 1 | 2025-05-12 21:02 UTC |
| 32 | CVE-2025-4190 | CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload | n/a | 1 | 2025-05-16 00:32 UTC |
| 33 | CVE-2023-37582 | Apache RocketMQ: Possible remote code execution when using the update configuration function | n/a | 1 | 2025-05-12 07:17 UTC |
| 34 | CVE-2024-44258 | n/a | n/a | 1 | 2025-05-18 02:05 UTC |
| 35 | CVE-2025-47646 | n/a | n/a | 1 | 2025-05-16 09:18 UTC |
| 36 | CVE-2024-10220 | Arbitrary command execution through gitRepo volume |
v3.1
HIGH
Score: 8.1
|
1 | 2025-05-12 21:02 UTC |
| 37 | CVE-2025-32583 | WordPress PDF 2 Post Plugin <= 2.4.0 - Remote Code Execution (RCE) vulnerability |
v3.1
CRITICAL
Score: 9.9
|
1 | 2025-05-16 15:27 UTC |
| 38 | CVE-2020-27347 | tmux stack buffer overflow in function input_csi_dispatch_sgr_colon |
v3.1
HIGH
Score: 8.8
|
1 | 2025-05-16 15:27 UTC |
| 39 | CVE-2025-24085 | n/a | n/a | 1 | 2025-05-13 15:02 UTC |
| 40 | CVE-2025-2294 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion |
v3.1
CRITICAL
Score: 9.8
|
1 | 2025-05-13 21:19 UTC |
| 41 | CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability |
v3.1
HIGH
Score: 7.5
|
1 | 2025-05-15 15:36 UTC |
| 42 | CVE-2025-47539 | n/a | n/a | 1 | 2025-05-18 02:05 UTC |
| 43 | CVE-2022-41082 | Microsoft Exchange Server Remote Code Execution Vulnerability |
v3.1
HIGH
Score: 8
|
1 | 2025-05-16 15:27 UTC |
| 44 | CVE-2025-4784 | n/a | n/a | 1 | 2025-05-16 00:32 UTC |
| 45 | CVE-2020-24913 | n/a | n/a | 1 | 2025-05-12 07:17 UTC |