See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Incorrect AuthorizationCVE-2026-34905
Affects github.com/apache/answer/internal/controller | Versions <2.0.1
Has fix
GoPublished 12 Jun 2026
- H
Memory Allocation with Excessive Size ValueCVE-2026-10142
Affects kafka-python | Versions [,2.2.20)[2.3.0,2.3.2)
Has fix
pipPublished 12 Jun 2026
- M
Insertion of Sensitive Information into Log FileCVE-2026-45581
Affects org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim | Versions [2.3.1,2.5.10)
Has fix
MavenPublished 12 Jun 2026
- H
SQL InjectionCVE-2026-11529
Affects mysql-mcp-server | Versions [,0.3.0)
Has fix
pipPublished 12 Jun 2026
- C
Deserialization of Untrusted DataCVE-2026-50076
Affects org.apache.fory:fory-core | Versions [,1.1.0)
Has fix
MavenPublished 12 Jun 2026
- H
Uncontrolled Search Path ElementCVE-2026-36574
Affects Wassimulator/CactusViewer | Versions [0,]
Has fix
Unmanaged (C/C++)Published 12 Jun 2026
Affects ecto-spirit-win-k4n8 | Versions *
No fix available
npmPublished 12 Jun 2026
Affects ecto-flag-read-m7p2 | Versions *
No fix available
npmPublished 12 Jun 2026
Affects ecto-spectral-leak-8d4e2 | Versions *
No fix available
npmPublished 12 Jun 2026
Affects ecto-corsair-flag-x9m4 | Versions *
No fix available
npmPublished 12 Jun 2026
Affects ecto-rust-read-f3a9c1 | Versions *
No fix available
npmPublished 12 Jun 2026
Affects @malwguy/ecto-corsair-whisper-3d2a7c | Versions *
No fix available
npmPublished 12 Jun 2026
Affects ecto-nightly-spirit | Versions *
No fix available
npmPublished 12 Jun 2026
- H
Out-of-bounds ReadCVE-2026-38570
Affects bacnet-stack | Versions [0,]
Has fix
ConanPublished 12 Jun 2026
- H
Out-of-bounds ReadCVE-2026-38570
Affects bacnet | Versions [,1.5.0)
Has fix
Unmanaged (C/C++)Published 12 Jun 2026
Affects ecto-corsair-whisper-6f3b9 | Versions *
No fix available
npmPublished 12 Jun 2026
- M
Affects com.ibeetl:beetl-spring-classic | Versions [,3.21.1.RELEASE)
Has fix
MavenPublished 12 Jun 2026
- H
Improper Certificate ValidationCVE-2026-45574
Affects com.oviva.telematik:konnektor-client | Versions [,1.2.2)
Has fix
MavenPublished 12 Jun 2026
- H
Improper Certificate ValidationCVE-2026-45574
Affects com.oviva.telematik:epa4all-vau-client | Versions [,1.2.2)
Has fix
MavenPublished 12 Jun 2026
- M
XML External Entity (XXE) InjectionCVE-2026-40991
Affects org.springframework.restdocs:spring-restdocs-core | Versions [,3.0.6)[4.0.0-M1,4.0.1)
Has fix
MavenPublished 12 Jun 2026
- H
Improper Certificate ValidationCVE-2026-45574
Affects com.oviva.telematik:epa4all-client | Versions [,1.2.2)
Has fix
MavenPublished 12 Jun 2026
- C
Missing Authentication for Critical FunctionCVE-2026-45083
Affects io.goobi.viewer:viewer-core | Versions [4.8.0,26.04.1)
Has fix
MavenPublished 12 Jun 2026
Affects org.springframework.data:spring-data-mongodb | Versions [,4.5.12)[5.0.0-M1,5.0.6)
Has fix
MavenPublished 12 Jun 2026
- M
Cross-site Scripting (XSS)CVE-2026-48527
Affects @haxtheweb/haxcms-nodejs | Versions <26.0.1
Has fix
npmPublished 12 Jun 2026
- H
Deserialization of Untrusted DataCVE-2026-41862
Affects org.springframework.statemachine:spring-statemachine-zookeeper | Versions [,4.0.2)
Has fix
MavenPublished 12 Jun 2026
- H
Deserialization of Untrusted DataCVE-2026-41862
Affects org.springframework.statemachine:spring-statemachine-samples-datapersist | Versions [,4.0.2)
Has fix
MavenPublished 12 Jun 2026