GitHub CVE statistics

Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.

How to act on this data
  • If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
  • Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
  • Switch the timeframe to spot emerging threats or long-term trends.

Rank | CVE | Title | Metrics | Repo count | Last seen
1 | CVE-2025-53770 Hot | Microsoft SharePoint Server Remote Code Execution Vulnerability | v3.1 CRITICAL Score: 9.8 | 24 | 2025-07-29 14:43 UTC
2 | CVE-2025-32429 Hot | XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter | v4.0 CRITICAL Score: 9.3 | 5 | 2025-07-28 08:43 UTC
3 | CVE-2025-29927 Hot | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL Score: 9.1 | 4 | 2025-07-29 20:43 UTC
4 | CVE-2025-5777 | NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread | v4.0 CRITICAL Score: 9.3 | 4 | 2025-07-30 14:43 UTC
5 | CVE-2025-32463 | n/a | v3.1 CRITICAL Score: 9.3 | 4 | 2025-07-30 14:43 UTC
6 | CVE-2025-6018 | n/a | n/a | 4 | 2025-07-25 02:43 UTC
7 | CVE-2025-48384 | Git allows arbitrary code execution through broken config quoting | v3.1 HIGH Score: 8.1 | 3 | 2025-07-30 14:43 UTC
8 | CVE-2025-7766 | Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference | v4.0 HIGH Score: 8.6 | 2 | 2025-07-23 22:47 UTC
9 | CVE-2025-52914 | n/a | n/a | 2 | 2025-07-25 14:43 UTC
10 | CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability | v3.1 HIGH Score: 7.5 | 2 | 2025-07-23 16:47 UTC
11 | CVE-2025-53652 | n/a | n/a | 2 | 2025-07-25 14:43 UTC
12 | CVE-2025-31486 | Vite allows server.fs.deny to be bypassed with .svg or relative paths | v3.1 MEDIUM Score: 5.3 | 2 | 2025-07-24 20:43 UTC
13 | CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | n/a | 2 | 2025-07-28 20:43 UTC
14 | CVE-2025-53771 | Microsoft SharePoint Server Spoofing Vulnerability | v3.1 MEDIUM Score: 6.5 | 2 | 2025-07-26 14:43 UTC
15 | CVE-2025-7404 | n/a | n/a | 2 | 2025-07-27 08:43 UTC
16 | CVE-2025-6558 | n/a | n/a | 2 | 2025-07-26 14:43 UTC
17 | CVE-2025-8018 | n/a | n/a | 2 | 2025-07-23 16:47 UTC
18 | CVE-2025-47227 | n/a | n/a | 2 | 2025-07-29 14:43 UTC
19 | CVE-2024-52794 | Magnific lightbox susceptible to Cross-site Scripting in Discourse | v3.1 MEDIUM Score: 6.8 | 2 | 2025-07-23 22:47 UTC
20 | CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability | v3.1 HIGH Score: 7.5 | 2 | 2025-07-26 08:43 UTC
21 | CVE-2023-22809 | n/a | n/a | 2 | 2025-07-30 14:43 UTC
22 | CVE-2024-23346 | pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string | v3.1 CRITICAL Score: 9.4 | 2 | 2025-07-24 20:43 UTC
23 | CVE-2025-27591 | n/a | n/a | 2 | 2025-07-23 16:47 UTC
24 | CVE-2025-54554 | n/a | n/a | 2 | 2025-07-25 20:43 UTC
25 | CVE-2025-54352 | n/a | v3.1 LOW Score: 3.7 | 2 | 2025-07-29 14:43 UTC
26 | CVE-2025-1302 | n/a | v4.0 CRITICAL Score: 9.3 | 2 | 2025-07-24 20:43 UTC
27 | CVE-2025-50472 | n/a | n/a | 2 | 2025-07-30 02:43 UTC
28 | CVE-2025-50460 | n/a | n/a | 2 | 2025-07-30 08:43 UTC
29 | CVE-2024-6387 | Openssh: regresshion - race condition in ssh allows rce/dos | v3.1 HIGH Score: 8.1 | 2 | 2025-07-23 16:47 UTC
30 | CVE-2025-52399 | n/a | n/a | 1 | 2025-07-25 20:43 UTC
31 | CVE-2002-20001 | n/a | n/a | 1 | 2025-07-28 14:43 UTC
32 | CVE-2025-6998 | n/a | n/a | 1 | 2025-07-27 02:43 UTC
33 | CVE-2024-23897 | n/a | n/a | 1 | 2025-07-24 09:27 UTC
34 | CVE-2024-10858 | Jetpack 13.0-14.0 - Unauthenticated DOM-XSS | n/a | 1 | 2025-07-23 16:47 UTC
35 | CVE-2017-12637 | n/a | n/a | 1 | 2025-07-23 22:47 UTC
36 | CVE-2025-31511 | n/a | n/a | 1 | 2025-07-24 20:43 UTC
37 | CVE-2025-54309 | n/a | v3.1 CRITICAL Score: 9 | 1 | 2025-07-26 20:43 UTC
38 | CVE-2025-8220 | Engeman Web Password Recovery Page RecoveryPass sql injection | v4.0 MEDIUM Score: 6.9 | 1 | 2025-07-27 02:43 UTC
39 | CVE-2025-29774 | xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References | v4.0 CRITICAL Score: 9.3 | 1 | 2025-07-23 16:47 UTC
40 | CVE-2025-32462 | n/a | v3.1 LOW Score: 2.8 | 1 | 2025-07-28 08:43 UTC
41 | CVE-2022-46689 | n/a | n/a | 1 | 2025-07-24 15:28 UTC
42 | CVE-2025-50777 | n/a | n/a | 1 | 2025-07-23 22:47 UTC
43 | CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability | v3.1 CRITICAL Score: 9.8 | 1 | 2025-07-23 22:47 UTC
44 | CVE-2024-33676 | n/a | n/a | 1 | 2025-07-26 20:43 UTC
45 | CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | v3.1 HIGH Score: 7.8 | 1 | 2025-07-30 08:43 UTC
46 | CVE-2020-10220 | n/a | n/a | 1 | 2025-07-30 14:43 UTC
47 | CVE-2024-43018 | n/a | n/a | 1 | 2025-07-27 20:43 UTC
48 | CVE-2025-34138 | Sitecore XM/XP/XC and Managed Cloud 9.2 - 10.4 RCE | v4.0 CRITICAL Score: 9.3 | 1 | 2025-07-26 14:43 UTC
49 | CVE-2025-52289 | n/a | n/a | 1 | 2025-07-29 20:43 UTC
50 | CVE-2024-27499 | n/a | n/a | 1 | 2025-07-26 20:43 UTC
51 | CVE-2025-50867 | n/a | n/a | 1 | 2025-07-26 14:43 UTC
52 | CVE-2025-51411 | n/a | n/a | 1 | 2025-07-25 08:43 UTC
53 | CVE-2025-34077 | WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE | v4.0 CRITICAL Score: 10 | 1 | 2025-07-28 20:43 UTC
54 | CVE-2025-54381 | BentoML is Vulnerable to an SSRF Attack Through File Upload Processing | v3.1 CRITICAL Score: 9.9 | 1 | 2025-07-30 02:43 UTC
55 | CVE-2014-6271 | n/a | n/a | 1 | 2025-07-25 14:43 UTC
56 | CVE-2020-10879 | n/a | n/a | 1 | 2025-07-30 14:43 UTC
57 | CVE-2017-5638 | n/a | n/a | 1 | 2025-07-30 08:43 UTC
58 | CVE-2024-27686 | n/a | n/a | 1 | 2025-07-26 08:43 UTC
59 | CVE-2024-40586 | n/a | v3.1 MEDIUM Score: 6.3 | 1 | 2025-07-25 02:43 UTC
60 | CVE-2025-47812 | n/a | v3.1 CRITICAL Score: 10 | 1 | 2025-07-27 20:43 UTC
61 | CVE-2025-40766 | n/a | n/a | 1 | 2025-07-30 08:43 UTC
62 | CVE-2025-50866 | n/a | n/a | 1 | 2025-07-28 20:43 UTC
63 | CVE-2025-8191 | macrozheng mall Swagger UI index.html cross site scripting | v4.0 MEDIUM Score: 5.1 | 1 | 2025-07-28 08:43 UTC
64 | CVE-2025-54313 | n/a | v3.1 HIGH Score: 7.5 | 1 | 2025-07-27 02:43 UTC
65 | CVE-2022-35411 | n/a | n/a | 1 | 2025-07-28 14:43 UTC
66 | CVE-2025-2294 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion | v3.1 CRITICAL Score: 9.8 | 1 | 2025-07-28 02:43 UTC
67 | CVE-2024-7940 | n/a | v3.1 HIGH Score: 8.3 | 1 | 2025-07-26 14:43 UTC
68 | CVE-2023-42931 | n/a | n/a | 1 | 2025-07-27 20:43 UTC