See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Deserialization of Untrusted DataCVE-2026-41862
Affects org.springframework.statemachine:spring-statemachine-kryo | Versions [,4.0.2)
Has fix
MavenPublished 12 Jun 2026
- H
Deserialization of Untrusted DataCVE-2026-41862
Affects org.springframework.statemachine:spring-statemachine-data-common | Versions [,4.0.2)
Has fix
MavenPublished 12 Jun 2026
- H
Deserialization of Untrusted DataCVE-2026-41862
Affects org.springframework.statemachine:spring-statemachine-data-redis | Versions [,4.0.2)
Has fix
MavenPublished 12 Jun 2026
- H
Deserialization of Untrusted DataCVE-2026-41862
Affects org.springframework.statemachine:spring-statemachine-data-mongodb | Versions [,4.0.2)
Has fix
MavenPublished 12 Jun 2026
- H
Deserialization of Untrusted DataCVE-2026-41862
Affects org.springframework.statemachine:spring-statemachine-data-jpa | Versions [,4.0.2)
Has fix
MavenPublished 12 Jun 2026
- H
Use of Less Trusted SourceCVE-2026-47825
Affects org.springframework.cloud:spring-cloud-gateway-server | Versions [,4.3.5)
Has fix
MavenPublished 12 Jun 2026
- H
Use of Less Trusted SourceCVE-2026-47825
Affects org.springframework.cloud:spring-cloud-gateway-server-mvc | Versions [,4.3.5)
Has fix
MavenPublished 12 Jun 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-41708
Affects org.springframework.cloud:spring-cloud-sleuth-instrumentation | Versions [0,]
Has fix
MavenPublished 12 Jun 2026
- M
Open RedirectCVE-2026-41008
Affects org.springframework.security:spring-security-oauth2-authorization-server | Versions [,1.5.8)[2.0.0-M1,7.0.6)
Has fix
MavenPublished 12 Jun 2026
Affects org.springframework.data:spring-data-rest-webmvc | Versions [,4.5.12)[5.0.0-M1,5.0.6)
Has fix
MavenPublished 12 Jun 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-40999
Affects org.springframework.ws:spring-ws-core | Versions [,4.1.4)[5.0.0-M1,5.0.2)
Has fix
MavenPublished 12 Jun 2026
- M
Replay AttackCVE-2026-41000
Affects org.springframework.ws:spring-ws-security | Versions [,4.1.4)[5.0.0-M1,5.0.2)
Has fix
MavenPublished 12 Jun 2026
- L
Incorrect Implementation of Authentication AlgorithmCVE-2026-40995
Affects org.springframework.ws:spring-ws-security | Versions [,4.1.4)[5.0.0-M1,5.0.2)
Has fix
MavenPublished 12 Jun 2026
- H
XML External Entity (XXE) InjectionCVE-2026-40998
Affects org.springframework.ws:spring-xml | Versions [,4.1.4)[5.0.0-M1,5.0.2)
Has fix
MavenPublished 12 Jun 2026
- H
Insecure DefaultsCVE-2026-40994
Affects org.springframework.ws:spring-ws-security | Versions [,4.1.4)[5.0.0-M1,5.0.2)
Has fix
MavenPublished 12 Jun 2026
- M
Information ExposureCVE-2026-40997
Affects org.springframework.ws:spring-ws-security | Versions [,4.1.4)[5.0.0-M1,5.0.2)
Has fix
MavenPublished 12 Jun 2026
- H
Unchecked Input for Loop ConditionCVE-2026-10143
Affects kafka-python | Versions [,2.2.20)[2.3.0,2.3.2)
Has fix
pipPublished 12 Jun 2026
- M
Use of RSA Algorithm without OAEPCVE-2026-40996
Affects org.springframework.ws:spring-ws-security | Versions [,4.1.4)[5.0.0-M1,5.0.2)
Has fix
MavenPublished 12 Jun 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-48045
Affects zeroconf | Versions [,0.149.12)
Has fix
pipPublished 12 Jun 2026
- H
Directory TraversalCVE-2026-11816
Affects keras | Versions [,3.12.2)[3.13.0,3.14.0)
Has fix
pipPublished 12 Jun 2026
- H
Insufficiently Protected CredentialsCVE-2026-48022
Affects @hapi/wreck | Versions <18.1.2
Has fix
npmPublished 12 Jun 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-48998
Affects guzzlehttp/psr7 | Versions <2.10.2
Has fix
ComposerPublished 12 Jun 2026
- M
HTTP Response SplittingCVE-2026-49214
Affects guzzlehttp/psr7 | Versions <2.10.2
Has fix
ComposerPublished 12 Jun 2026
- H
Out-of-bounds ReadCVE-2026-48109
Affects messagepack | Versions [,2.5.301)[3.0.54-alpha,3.1.7)
Has fix
NuGetPublished 12 Jun 2026
- H
Infinite loopCVE-2025-71330
Affects org.webjars.npm:image-size | Versions [0,]
Has fix
MavenPublished 12 Jun 2026
- M
Uncaught ExceptionCVE-2026-48038
Affects org.webjars.npm:joi | Versions [0,]
Has fix
MavenPublished 12 Jun 2026
- M
Uncaught ExceptionCVE-2026-48038
Affects joi | Versions <17.13.4>=18.0.0 <18.2.1
Has fix
npmPublished 12 Jun 2026
- H
Uncaught ExceptionCVE-2026-48069
Affects @grpc/grpc-js | Versions <1.9.16>=1.10.0 <1.10.12>=1.11.0 <1.11.4>=1.12.0 <1.12.7>=1.13.0 <1.13.5>=1.14.0 <1.14.4
Has fix
npmPublished 12 Jun 2026
- H
Uncaught ExceptionCVE-2026-48068
Affects @grpc/grpc-js | Versions <1.9.16>=1.10.0 <1.10.12>=1.11.0 <1.11.4>=1.12.0 <1.12.7>=1.13.0 <1.13.5>=1.14.0 <1.14.4
Has fix
npmPublished 12 Jun 2026