GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.
| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-48384 (Hot) | Git allows arbitrary code execution through broken config quoting | v3.1 HIGH Score: 8.1 | 7 | 2025-08-29 15:33 UTC |
| 2 | CVE-2025-57819 (Hot) | FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE | v4.0 CRITICAL Score: 10 | 4 | 2025-08-29 15:33 UTC |
| 3 | CVE-2025-55763 (Hot) | n/a | n/a | 2 | 2025-08-29 15:33 UTC |
| 4 | CVE-2025-55579 | n/a | n/a | 2 | 2025-08-29 15:33 UTC |
| 5 | CVE-2025-34040 | Zhiyuan OA System Path Traversal File Upload | v4.0 CRITICAL Score: 10 | 2 | 2025-08-29 09:33 UTC |
| 6 | CVE-2025-5419 | n/a | n/a | 2 | 2025-08-29 03:33 UTC |
| 7 | CVE-2025-52100 | n/a | n/a | 2 | 2025-08-29 09:33 UTC |
| 8 | CVE-2025-49113 | n/a | v3.1 CRITICAL Score: 9.9 | 2 | 2025-08-29 21:33 UTC |
| 9 | CVE-2025-55580 | n/a | n/a | 2 | 2025-08-29 15:33 UTC |
| 10 | CVE-2025-55188 | n/a | n/a | 2 | 2025-08-29 09:33 UTC |
| 11 | CVE-2025-47987 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-08-28 21:32 UTC |
| 12 | CVE-2022-20421 | n/a | n/a | 1 | 2025-08-29 03:33 UTC |
| 13 | CVE-2025-0309 | n/a | n/a | 1 | 2025-08-29 15:33 UTC |
| 14 | CVE-2024-12877 | GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection | v3.1 CRITICAL Score: 9.8 | 1 | 2025-08-28 21:32 UTC |
| 15 | CVE-2025-54309 | n/a | v3.1 CRITICAL Score: 9 | 1 | 2025-08-29 03:33 UTC |