GitHub CVE statistics
Below you'll find the most talked-about vulnerabilities on GitHub for the selected time window. We scan every incoming repository name and description, extract CVE identifiers, and rank them by how often developers reference them. The fresher the CVE and the higher its rank, the more likely it is that proof-of-concept code, exploit scripts or mitigation tips are circulating right now.
How to act on this data
- If a CVE in the Top 10 affects your stack, prioritise patching and monitor for exploitation attempts.
- Click a CVE ID to open its NVD page for full details, CVSS scores and known mitigations.
- Switch the timeframe to spot emerging threats or long-term trends.
| Rank | CVE | Title | Metrics | Repo count | Last seen |
|---|---|---|---|---|---|
| 1 | CVE-2025-53770 Hot | Microsoft SharePoint Server Remote Code Execution Vulnerability |
v3.1
CRITICAL
Score: 9.8
|
24 | 2025-07-29 14:43 UTC |
| 2 | CVE-2025-32429 Hot | XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter |
v4.0
CRITICAL
Score: 9.3
|
5 | 2025-07-28 08:43 UTC |
| 3 | CVE-2025-29927 Hot | Authorization Bypass in Next.js Middleware |
v3.1
CRITICAL
Score: 9.1
|
4 | 2025-07-29 20:43 UTC |
| 4 | CVE-2025-5777 | NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread |
v4.0
CRITICAL
Score: 9.3
|
4 | 2025-07-30 14:43 UTC |
| 5 | CVE-2025-32463 | n/a |
v3.1
CRITICAL
Score: 9.3
|
4 | 2025-07-30 14:43 UTC |
| 6 | CVE-2025-6018 | n/a | n/a | 4 | 2025-07-25 02:43 UTC |
| 7 | CVE-2025-48384 | Git allows arbitrary code execution through broken config quoting |
v3.1
HIGH
Score: 8.1
|
3 | 2025-07-30 14:43 UTC |
| 8 | CVE-2025-7766 | Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference |
v4.0
HIGH
Score: 8.6
|
2 | 2025-07-23 22:47 UTC |
| 9 | CVE-2025-52914 | n/a | n/a | 2 | 2025-07-25 14:43 UTC |
| 10 | CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability |
v3.1
HIGH
Score: 7.5
|
2 | 2025-07-23 16:47 UTC |
| 11 | CVE-2025-53652 | n/a | n/a | 2 | 2025-07-25 14:43 UTC |
| 12 | CVE-2025-31486 | Vite allows server.fs.deny to be bypassed with .svg or relative paths |
v3.1
MEDIUM
Score: 5.3
|
2 | 2025-07-24 20:43 UTC |
| 13 | CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | n/a | 2 | 2025-07-28 20:43 UTC |
| 14 | CVE-2025-53771 | Microsoft SharePoint Server Spoofing Vulnerability |
v3.1
MEDIUM
Score: 6.5
|
2 | 2025-07-26 14:43 UTC |
| 15 | CVE-2025-7404 | n/a | n/a | 2 | 2025-07-27 08:43 UTC |
| 16 | CVE-2025-6558 | n/a | n/a | 2 | 2025-07-26 14:43 UTC |
| 17 | CVE-2025-8018 | n/a | n/a | 2 | 2025-07-23 16:47 UTC |
| 18 | CVE-2025-47227 | n/a | n/a | 2 | 2025-07-29 14:43 UTC |
| 19 | CVE-2024-52794 | Magnific lightbox susceptible to Cross-site Scripting in Discourse |
v3.1
MEDIUM
Score: 6.8
|
2 | 2025-07-23 22:47 UTC |
| 20 | CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability |
v3.1
HIGH
Score: 7.5
|
2 | 2025-07-26 08:43 UTC |
| 21 | CVE-2023-22809 | n/a | n/a | 2 | 2025-07-30 14:43 UTC |
| 22 | CVE-2024-23346 | pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string |
v3.1
CRITICAL
Score: 9.4
|
2 | 2025-07-24 20:43 UTC |
| 23 | CVE-2025-27591 | n/a | n/a | 2 | 2025-07-23 16:47 UTC |
| 24 | CVE-2025-54554 | n/a | n/a | 2 | 2025-07-25 20:43 UTC |
| 25 | CVE-2025-54352 | n/a |
v3.1
LOW
Score: 3.7
|
2 | 2025-07-29 14:43 UTC |
| 26 | CVE-2025-1302 | n/a |
v4.0
CRITICAL
Score: 9.3
|
2 | 2025-07-24 20:43 UTC |
| 27 | CVE-2025-50472 | n/a | n/a | 2 | 2025-07-30 02:43 UTC |
| 28 | CVE-2025-50460 | n/a | n/a | 2 | 2025-07-30 08:43 UTC |
| 29 | CVE-2024-6387 | Openssh: regresshion - race condition in ssh allows rce/dos |
v3.1
HIGH
Score: 8.1
|
2 | 2025-07-23 16:47 UTC |
| 30 | CVE-2025-52399 | n/a | n/a | 1 | 2025-07-25 20:43 UTC |
| 31 | CVE-2002-20001 | n/a | n/a | 1 | 2025-07-28 14:43 UTC |
| 32 | CVE-2025-6998 | n/a | n/a | 1 | 2025-07-27 02:43 UTC |
| 33 | CVE-2024-23897 | n/a | n/a | 1 | 2025-07-24 09:27 UTC |
| 34 | CVE-2024-10858 | Jetpack 13.0-14.0 - Unauthenticated DOM-XSS | n/a | 1 | 2025-07-23 16:47 UTC |
| 35 | CVE-2017-12637 | n/a | n/a | 1 | 2025-07-23 22:47 UTC |
| 36 | CVE-2025-31511 | n/a | n/a | 1 | 2025-07-24 20:43 UTC |
| 37 | CVE-2025-54309 | n/a |
v3.1
CRITICAL
Score: 9
|
1 | 2025-07-26 20:43 UTC |
| 38 | CVE-2025-8220 | Engeman Web Password Recovery Page RecoveryPass sql injection |
v4.0
MEDIUM
Score: 6.9
|
1 | 2025-07-27 02:43 UTC |
| 39 | CVE-2025-29774 | xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References |
v4.0
CRITICAL
Score: 9.3
|
1 | 2025-07-23 16:47 UTC |
| 40 | CVE-2025-32462 | n/a |
v3.1
LOW
Score: 2.8
|
1 | 2025-07-28 08:43 UTC |
| 41 | CVE-2022-46689 | n/a | n/a | 1 | 2025-07-24 15:28 UTC |
| 42 | CVE-2025-50777 | n/a | n/a | 1 | 2025-07-23 22:47 UTC |
| 43 | CVE-2024-38063 | Windows TCP/IP Remote Code Execution Vulnerability |
v3.1
CRITICAL
Score: 9.8
|
1 | 2025-07-23 22:47 UTC |
| 44 | CVE-2024-33676 | n/a | n/a | 1 | 2025-07-26 20:43 UTC |
| 45 | CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 7.8
|
1 | 2025-07-30 08:43 UTC |
| 46 | CVE-2020-10220 | n/a | n/a | 1 | 2025-07-30 14:43 UTC |
| 47 | CVE-2024-43018 | n/a | n/a | 1 | 2025-07-27 20:43 UTC |
| 48 | CVE-2025-34138 | Sitecore XM/XP/XC and Managed Cloud 9.2 - 10.4 RCE |
v4.0
CRITICAL
Score: 9.3
|
1 | 2025-07-26 14:43 UTC |
| 49 | CVE-2025-52289 | n/a | n/a | 1 | 2025-07-29 20:43 UTC |
| 50 | CVE-2024-27499 | n/a | n/a | 1 | 2025-07-26 20:43 UTC |
| 51 | CVE-2025-50867 | n/a | n/a | 1 | 2025-07-26 14:43 UTC |
| 52 | CVE-2025-51411 | n/a | n/a | 1 | 2025-07-25 08:43 UTC |
| 53 | CVE-2025-34077 | WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE |
v4.0
CRITICAL
Score: 10
|
1 | 2025-07-28 20:43 UTC |
| 54 | CVE-2025-54381 | BentoML is Vulnerable to an SSRF Attack Through File Upload Processing |
v3.1
CRITICAL
Score: 9.9
|
1 | 2025-07-30 02:43 UTC |
| 55 | CVE-2014-6271 | n/a | n/a | 1 | 2025-07-25 14:43 UTC |
| 56 | CVE-2020-10879 | n/a | n/a | 1 | 2025-07-30 14:43 UTC |
| 57 | CVE-2017-5638 | n/a | n/a | 1 | 2025-07-30 08:43 UTC |
| 58 | CVE-2024-27686 | n/a | n/a | 1 | 2025-07-26 08:43 UTC |
| 59 | CVE-2024-40586 | n/a |
v3.1
MEDIUM
Score: 6.3
|
1 | 2025-07-25 02:43 UTC |
| 60 | CVE-2025-47812 | n/a |
v3.1
CRITICAL
Score: 10
|
1 | 2025-07-27 20:43 UTC |
| 61 | CVE-2025-40766 | n/a | n/a | 1 | 2025-07-30 08:43 UTC |
| 62 | CVE-2025-50866 | n/a | n/a | 1 | 2025-07-28 20:43 UTC |
| 63 | CVE-2025-8191 | macrozheng mall Swagger UI index.html cross site scripting |
v4.0
MEDIUM
Score: 5.1
|
1 | 2025-07-28 08:43 UTC |
| 64 | CVE-2025-54313 | n/a |
v3.1
HIGH
Score: 7.5
|
1 | 2025-07-27 02:43 UTC |
| 65 | CVE-2022-35411 | n/a | n/a | 1 | 2025-07-28 14:43 UTC |
| 66 | CVE-2025-2294 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion |
v3.1
CRITICAL
Score: 9.8
|
1 | 2025-07-28 02:43 UTC |
| 67 | CVE-2024-7940 | n/a |
v3.1
HIGH
Score: 8.3
|
1 | 2025-07-26 14:43 UTC |
| 68 | CVE-2023-42931 | n/a | n/a | 1 | 2025-07-27 20:43 UTC |