Miggo Predictive Vulnerability Database
Comprehensive vulnerability intelligence for security teams to gain clarity into CVEs to prioritize and respond with precision.
Concerned about an active attack path? Talk to our security experts and see Miggo in action
Contact UsTop 10 CVEs
New vulnerabilities last 30 days
CVE-2026-54335: Feathersjs: Prototype pollution in @feathersjs/commons _.merge via JSON-parsed __proto__
@feathersjs/commons _.merge prototype pollution from a JSON-parsed __proto__ key recursively merges malicious properties onto Object.prototype for the process.
Analysis:
Available
3.7
low
7/17/2026
CVE-2026-49485: HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
org.hl7.fhir.core FHIRPathEngine ReDoS via malicious regex in matches() or replaceMatches() causes catastrophic backtracking, resulting in CPU exhaustion DoS.
Analysis:
Available
7.5
high
7/17/2026
CVE-2026-48049: @hapi/inert: Static-file confinement bypass via sibling-prefix path
@hapi/inert path traversal grants unauthenticated attackers arbitrary file reads from sibling directories via a crafted URL exploiting a confinement bypass.
Analysis:
Available
5.3
medium
7/17/2026
CVE-2026-48022: @hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects
@hapi/wreck's improper origin check on redirects leaks Authorization and Cookie headers across ports and schemes, risking credential theft and impersonation.
Analysis:
Available
6.5
medium
7/17/2026