Miggo Predictive Vulnerability Database
Comprehensive vulnerability intelligence for security teams to gain clarity into CVEs to prioritize and respond with precision.
New vulnerabilities last 30 days
GHSA-vfpf-xmwh-8m65: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
ProsemirrorToHtml does not escape HTML attribute values when rendering a document, so injected malicious JavaScript executes as arbitrary code in victim browsers.
Analysis: Available | Score: 7.6 (high) | 11/7/2025
GHSA-f83h-ghpp-7wcc: Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
The pdfminer.six CMap loader insecurely deserializes pickle files; a malicious pickle file executes arbitrary code, granting local privilege escalation to root access.
Analysis: Available | Score: 7.8 (high) | 11/7/2025
GHSA-wf5f-4jwr-ppcp: Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
A crafted PDF can use CMap path traversal to trigger unsafe pickle deserialization in pdfminer.six's CMapDB, granting remote attackers arbitrary code execution.
Analysis: Available | Score: 8.6 (high) | 11/7/2025
CVE-2025-64496: Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
In Open WebUI Direct Connections, SSE events from a malicious model server can inject code that executes arbitrary JS, enabling token theft, account takeover, and backend RCE.
Analysis: Available | Score: 7.3 (high) | 11/7/2025