GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.
Rank CVE Title Metrics Repo count Last seen
1 CVE-2025-32463 Hot n/a
v3.1 CRITICAL Score: 9.3
20 2025-07-03 21:40 UTC
2 CVE-2025-32462 Hot n/a
v3.1 LOW Score: 2.8
7 2025-07-03 21:40 UTC
3 CVE-2025-6218 Hot n/a n/a 6 2025-07-03 09:40 UTC
4 CVE-2025-20281 Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
v3.1 CRITICAL Score: 9.8
6 2025-07-03 03:40 UTC
5 CVE-2025-47812 n/a n/a 5 2025-07-03 03:40 UTC
6 CVE-2025-49144 Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path
v3.1 HIGH Score: 7.3
5 2025-07-02 09:40 UTC
7 CVE-2024-27388 SUNRPC: fix some memleaks in gssx_dec_option_array n/a 4 2025-06-30 15:40 UTC
8 CVE-2025-6019 Libblockdev: lpe from allow_active to root in libblockdev via udisks
v3.1 HIGH Score: 7
3 2025-07-03 15:40 UTC
9 CVE-2025-45407 n/a n/a 3 2025-07-03 15:40 UTC
10 CVE-2025-6543 Memory overflow vulnerability leading to unintended control flow and Denial of Service
v4.0 CRITICAL Score: 9.2
3 2025-07-03 21:40 UTC
11 CVE-2025-5777 NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
v4.0 CRITICAL Score: 9.3
3 2025-06-30 15:40 UTC
12 CVE-2025-6934 Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'
v3.1 CRITICAL Score: 9.8
3 2025-07-02 15:40 UTC
13 CVE-2018-6574 n/a n/a 2 2025-07-02 03:40 UTC
14 CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 n/a 2 2025-07-02 21:40 UTC
15 CVE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows n/a 2 2025-06-30 15:40 UTC
16 CVE-2025-30208 Vite bypasses server.fs.deny when using `?raw??`
v3.1 MEDIUM Score: 5.3
2 2025-06-29 15:40 UTC
17 CVE-2024-39930 n/a
v3.1 CRITICAL Score: 9.9
2 2025-07-01 21:40 UTC
18 CVE-2025-49596 MCP Inspector proxy server lacks authentication between the Inspector client and proxy
v4.0 CRITICAL Score: 9.4
2 2025-07-03 21:40 UTC
19 CVE-2024-48061 n/a n/a 2 2025-07-03 21:40 UTC
20 CVE-2023-5561 WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure n/a 2 2025-07-01 09:40 UTC
21 CVE-2025-31650 Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame n/a 2 2025-07-02 03:40 UTC
22 CVE-2024-54085 Redfish Authentication Bypass
v4.0 CRITICAL Score: 10
1 2025-06-30 03:40 UTC
23 CVE-2022-25869 Cross-site Scripting (XSS)
v3.1 MEDIUM Score: 4.2
1 2025-07-02 09:40 UTC
24 CVE-2024-8636 n/a n/a 1 2025-07-02 09:40 UTC
25 CVE-2024-8193 n/a n/a 1 2025-07-02 09:40 UTC
26 CVE-2025-47175 Microsoft PowerPoint Remote Code Execution Vulnerability
v3.1 HIGH Score: 7.8
1 2025-07-02 15:40 UTC
27 CVE-2022-46169 Unauthenticated Command Injection
v3.1 CRITICAL Score: 9.8
1 2025-07-02 09:40 UTC
28 CVE-2025-6554 n/a n/a 1 2025-07-03 21:40 UTC
29 CVE-2025-38089 sunrpc: handle SVC_GARBAGE during svc auth processing as auth error n/a 1 2025-07-02 09:40 UTC
30 CVE-2024-8198 n/a n/a 1 2025-07-02 09:40 UTC
31 CVE-2024-6345 Remote Code Execution in pypa/setuptools
v3.0 HIGH Score: 8.8
1 2025-07-01 03:40 UTC
32 CVE-2023-5180 Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12
v3.1 HIGH Score: 7.8
1 2025-06-27 09:40 UTC
33 CVE-2025-4664 n/a n/a 1 2025-06-30 21:40 UTC
34 CVE-2025-6018 n/a n/a 1 2025-07-03 15:40 UTC
35 CVE-2025-6855 n/a n/a 1 2025-07-02 21:40 UTC
36 CVE-2025-49493 n/a
v3.1 MEDIUM Score: 5.8
1 2025-07-01 21:40 UTC
37 CVE-2025-23968 n/a n/a 1 2025-07-03 21:40 UTC
38 CVE-2018-4386 n/a n/a 1 2025-07-03 15:40 UTC
39 CVE-2022-22965 n/a n/a 1 2025-06-28 15:40 UTC
40 CVE-2024-3094 Xz: malicious code in distributed source
v3.1 CRITICAL Score: 10
1 2025-06-27 21:40 UTC
41 CVE-2025-49029 WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability
v3.1 CRITICAL Score: 9.1
1 2025-07-01 21:40 UTC
42 CVE-2025-6860 SourceCodester Best Salon Management System staff_commision.php sql injection
v4.0 MEDIUM Score: 5.3
1 2025-06-30 03:40 UTC
43 CVE-2025-1562 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation
v3.1 CRITICAL Score: 9.8
1 2025-06-27 09:40 UTC
44 CVE-2024-7966 n/a n/a 1 2025-07-02 09:40 UTC
45 CVE-2024-43425 Moodle: remote code execution via calculated question types
v3.1 HIGH Score: 8.1
1 2025-06-28 09:40 UTC
46 CVE-2022-0847 n/a n/a 1 2025-07-01 21:40 UTC
47 CVE-2024-4367 n/a n/a 1 2025-06-28 21:40 UTC
48 CVE-2025-33073 Windows SMB Client Elevation of Privilege Vulnerability
v3.1 HIGH Score: 8.8
1 2025-06-28 21:40 UTC
49 CVE-2022-2586 n/a
v3.1 MEDIUM Score: 5.3
1 2025-06-30 21:40 UTC
50 CVE-2014-0160 n/a n/a 1 2025-06-28 03:40 UTC
51 CVE-2025-29927 Authorization Bypass in Next.js Middleware
v3.1 CRITICAL Score: 9.1
1 2025-06-29 15:40 UTC