See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Heap-based Buffer OverflowCVE-2026-53465
Affects imagemagick | Versions [0,]
Has fix
ConanPublished 11 Jun 2026
- H
Heap-based Buffer OverflowCVE-2026-53465
Affects ImageMagick/ImageMagick | Versions [,7.1.2-25)
Has fix
Unmanaged (C/C++)Published 11 Jun 2026
- H
Improper Resource Shutdown or ReleaseCVE-2026-47213
Affects github.com/boxlite-ai/boxlite/sdks/go | Versions *
No fix available
GoPublished 11 Jun 2026
- H
Improper Resource Shutdown or ReleaseCVE-2026-47213
Affects @boxlite-ai/boxlite | Versions *
No fix available
npmPublished 11 Jun 2026
- H
Improper Resource Shutdown or ReleaseCVE-2026-47213
Affects boxlite | Versions [0,]
Has fix
pipPublished 11 Jun 2026
- H
Improper Resource Shutdown or ReleaseCVE-2026-47213
Affects boxlite | Versions *
No fix available
CargoPublished 11 Jun 2026
- M
Arbitrary Argument InjectionCVE-2026-47250
Affects mcp-server-kubernetes | Versions <3.7.0
Has fix
npmPublished 11 Jun 2026
- H
Directory TraversalCVE-2026-53698
Affects org.silverpeas.core:silverpeas-core-war | Versions [0,]
Has fix
MavenPublished 11 Jun 2026
- H
Directory TraversalCVE-2026-53698
Affects org.silverpeas.core:silverpeas-core | Versions [0,]
Has fix
MavenPublished 11 Jun 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-39922
Affects geonode | Versions [4.0.0rc0,]
Has fix
pipPublished 11 Jun 2026
- L
Incorrect Permission Assignment for Critical ResourceCVE-2026-46668
Affects github.com/authzed/spicedb/pkg/caveats | Versions >=1.15.0 <1.52.0
Has fix
GoPublished 11 Jun 2026
- L
Incorrect Permission Assignment for Critical ResourceCVE-2026-46668
Affects github.com/authzed/spicedb/internal/services/v1 | Versions >=1.15.0 <1.52.0
Has fix
GoPublished 11 Jun 2026
- L
Incorrect Permission Assignment for Critical ResourceCVE-2026-46668
Affects github.com/authzed/spicedb/internal/dispatch/keys | Versions >=1.15.0 <1.52.0
Has fix
GoPublished 11 Jun 2026
Affects polymarket-clob-api | Versions *
No fix available
npmPublished 11 Jun 2026
Affects tailwind-dark-mode-kit | Versions *
No fix available
npmPublished 11 Jun 2026
Affects paypal-payouts-bridge | Versions *
No fix available
npmPublished 11 Jun 2026
Affects google-cloud-secret-manager-config-poc | Versions *
No fix available
npmPublished 11 Jun 2026
- H
Denial of Service (DoS)CVE-2026-41695
Affects org.springframework.data:spring-data-commons | Versions [,3.5.12)[4.0.0,4.0.6)
Has fix
MavenPublished 11 Jun 2026
- H
Affects org.springframework.data:spring-data-rest-webmvc | Versions [,4.5.12)[5.0.0-M1,5.0.6)
Has fix
MavenPublished 11 Jun 2026
- M
Cross-site Scripting (XSS)CVE-2026-34033
Affects github.com/apache/answer/internal/service/export | Versions <2.0.1
Has fix
GoPublished 11 Jun 2026
- M
Missing AuthorizationCVE-2026-53634
Affects code16/sharp | Versions >=9.0.0, <9.22.3
Has fix
ComposerPublished 11 Jun 2026
- M
NULL Pointer DereferenceCVE-2026-45729
Affects thorvg | Versions [0,]
Has fix
ConanPublished 11 Jun 2026
- M
NULL Pointer DereferenceCVE-2026-10298
Affects whisper-cpp | Versions [0,]
Has fix
ConanPublished 11 Jun 2026
- H
Stack-based Buffer OverflowCVE-2026-43623
Affects microtar | Versions [0,]
Has fix
ConanPublished 11 Jun 2026