GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.

| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-33053 Hot | Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability | v3.1 HIGH Score: 8.8 | 6 | 2025-06-18 23:56 UTC |
| 2 | CVE-2025-33073 Hot | Windows SMB Client Elevation of Privilege Vulnerability | v3.1 HIGH Score: 8.8 | 5 | 2025-06-15 11:56 UTC |
| 3 | CVE-2025-49113 Hot | n/a | v3.1 CRITICAL Score: 9.9 | 5 | 2025-06-17 23:56 UTC |
| 4 | CVE-2025-3248 | Langflow Unauth RCE | v3.1 CRITICAL Score: 9.8 | 4 | 2025-06-18 23:56 UTC |
| 5 | CVE-2025-0133 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Gateway and Portal | v4.0 MEDIUM Score: 6.9 | 3 | 2025-06-18 11:56 UTC |
| 6 | CVE-2016-3088 | n/a | n/a | 2 | 2025-06-16 11:56 UTC |
| 7 | CVE-2024-40898 | Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows | n/a | 2 | 2025-06-14 15:17 UTC |
| 8 | CVE-2024-50379 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation | n/a | 2 | 2025-06-14 09:17 UTC |
| 9 | CVE-2025-5287 | n/a | n/a | 2 | 2025-06-16 23:56 UTC |
| 10 | CVE-2023-1698 | WAGO: WBM Command Injection in multiple products | v3.1 CRITICAL Score: 9.8 | 2 | 2025-06-15 17:56 UTC |
| 11 | CVE-2021-31956 | Windows NTFS Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 2 | 2025-06-17 23:56 UTC |
| 12 | CVE-2019-14811 | n/a | v3.0 HIGH Score: 7.3 | 2 | 2025-06-15 23:56 UTC |
| 13 | CVE-2025-44203 | n/a | n/a | 2 | 2025-06-18 23:56 UTC |
| 14 | CVE-2025-49619 | n/a | v3.1 HIGH Score: 8.5 | 2 | 2025-06-15 11:56 UTC |
| 15 | CVE-2023-6401 | NotePad++ dbghelp.exe uncontrolled search path | v3.1 MEDIUM Score: 5.3 | 2 | 2025-06-18 23:56 UTC |
| 16 | CVE-2015-1578 | n/a | n/a | 2 | 2025-06-19 05:56 UTC |
| 17 | CVE-2025-5964 | Path traversal in M-Files API | v4.0 HIGH Score: 8.4 | 2 | 2025-06-17 05:56 UTC |
| 18 | CVE-2025-5815 | Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update | v3.1 MEDIUM Score: 5.3 | 2 | 2025-06-13 09:17 UTC |
| 19 | CVE-2021-29447 | WordPress Authenticated XXE attack when installation is running PHP 8 | v3.1 HIGH Score: 7.1 | 2 | 2025-06-12 21:17 UTC |
| 20 | CVE-2025-4009 | n/a | n/a | 2 | 2025-06-13 21:17 UTC |
| 21 | CVE-2025-2783 | n/a | n/a | 2 | 2025-06-17 05:56 UTC |
| 22 | CVE-2025-24071 | Microsoft Windows File Explorer Spoofing Vulnerability | v3.1 MEDIUM Score: 6.5 | 2 | 2025-06-13 09:17 UTC |
| 23 | CVE-2025-31650 | Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame | n/a | 2 | 2025-06-13 15:17 UTC |
| 24 | CVE-2025-4123 | n/a | v3.1 HIGH Score: 7.6 | 2 | 2025-06-17 11:56 UTC |
| 25 | CVE-2024-4577 | Argument Injection in PHP-CGI | v3.1 CRITICAL Score: 9.8 | 2 | 2025-06-15 11:56 UTC |
| 26 | CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-06-12 15:17 UTC |
| 27 | CVE-2017-0143 | n/a | n/a | 1 | 2025-06-17 11:56 UTC |
| 28 | CVE-2024-8232 | iniNet Solutions SpiderControl SCADA Web Server Unrestricted Upload of File with Dangerous Type | v4.0 HIGH Score: 8.7 | 1 | 2025-06-12 09:17 UTC |
| 29 | CVE-2024-55890 | D-Tale allows Remote Code Execution through the Custom Filter Input | v4.0 MEDIUM Score: 6.9 | 1 | 2025-06-13 09:17 UTC |
| 30 | CVE-2025-29471 | n/a | n/a | 1 | 2025-06-13 03:17 UTC |
| 31 | CVE-2025-24035 | Windows Remote Desktop Services Remote Code Execution Vulnerability | v3.1 HIGH Score: 8.1 | 1 | 2025-06-12 09:17 UTC |
| 32 | CVE-2025-26198 | n/a | n/a | 1 | 2025-06-18 23:56 UTC |
| 33 | CVE-2021-40724 | Adobe Acrobat Reader Android Abritrary Code Execution Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-06-15 17:56 UTC |
| 34 | CVE-2025-2135 | n/a | n/a | 1 | 2025-06-17 11:56 UTC |
| 35 | CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1 CRITICAL Score: 10 | 1 | 2025-06-15 17:56 UTC |
| 36 | CVE-2010-1872 | n/a | n/a | 1 | 2025-06-14 21:17 UTC |
| 37 | CVE-2025-46181 | n/a | n/a | 1 | 2025-06-14 09:17 UTC |
| 38 | CVE-2014-6271 | n/a | n/a | 1 | 2025-06-14 15:17 UTC |
| 39 | CVE-2025-20125 | Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability | v3.1 CRITICAL Score: 9.1 | 1 | 2025-06-16 11:56 UTC |
| 40 | CVE-2025-20124 | Cisco Identity Services Engine Java Deserialization Vulnerability | v3.1 CRITICAL Score: 9.9 | 1 | 2025-06-16 11:56 UTC |
| 41 | CVE-2025-21420 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-06-12 21:17 UTC |
| 42 | CVE-2024-54772 | n/a | n/a | 1 | 2025-06-12 21:17 UTC |
| 43 | CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | v3.1 MEDIUM Score: 6.5 | 1 | 2025-06-14 09:17 UTC |
| 44 | CVE-2025-43200 | n/a | n/a | 1 | 2025-06-17 17:56 UTC |
| 45 | CVE-2025-32711 | M365 Copilot Information Disclosure Vulnerability | v3.1 CRITICAL Score: 9.3 | 1 | 2025-06-12 15:17 UTC |
| 46 | CVE-2025-26199 | n/a | n/a | 1 | 2025-06-19 05:56 UTC |
| 47 | CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability | v3.1 HIGH Score: 8.1 | 1 | 2025-06-18 11:56 UTC |
| 48 | CVE-2025-6019 | n/a | n/a | 1 | 2025-06-19 05:56 UTC |
| 49 | CVE-2025-2324565 | n/a | n/a | 1 | 2025-06-14 09:17 UTC |
| 50 | CVE-2025-29927 | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL Score: 9.1 | 1 | 2025-06-12 09:17 UTC |
| 51 | CVE-2025-5288 | REST API \| Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function | v3.1 CRITICAL Score: 9.8 | 1 | 2025-06-12 21:17 UTC |
| 52 | CVE-2024-28995 | SolarWinds Serv-U L Directory Transversal Vulnerability | v3.1 HIGH Score: 8.6 | 1 | 2025-06-15 11:56 UTC |
| 53 | CVE-2025-49125 | n/a | n/a | 1 | 2025-06-16 17:56 UTC |
| 54 | CVE-2024-9264 | Grafana SQL Expressions allow for remote code execution | v4.0 CRITICAL Score: 9.4 | 1 | 2025-06-15 05:56 UTC |
| 55 | CVE-2025-46157 | n/a | n/a | 1 | 2025-06-13 21:17 UTC |
| 56 | CVE-2025-46171 | n/a | n/a | 1 | 2025-06-17 17:56 UTC |
| 57 | CVE-2024-0204 | Authentication Bypass in GoAnywhere MFT | v3.1 CRITICAL Score: 9.8 | 1 | 2025-06-15 11:56 UTC |
| 58 | CVE-2025-31161 | n/a | v3.1 CRITICAL Score: 9.8 | 1 | 2025-06-15 11:56 UTC |
| 59 | CVE-2025-48466 | n/a | n/a | 1 | 2025-06-17 17:56 UTC |
| 60 | CVE-2025-6220 | Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options' | v3.1 HIGH Score: 7.2 | 1 | 2025-06-17 23:56 UTC |
| 61 | CVE-2025-5419 | n/a | n/a | 1 | 2025-06-14 03:17 UTC |
| 62 | CVE-2025-24201 | n/a | n/a | 1 | 2025-06-14 15:17 UTC |
| 63 | CVE-2025-1094 | PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation | v3.1 HIGH Score: 8.1 | 1 | 2025-06-18 17:56 UTC |
| 64 | CVE-2025-5701 | n/a | n/a | 1 | 2025-06-12 09:17 UTC |