Vulnerability DB | Snyk

See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].

Find out if you have vulnerabilities that put you at risk

Test your applications

All Vulnerabilities

APPLICATION

Cargo | Rust
Objective-C, CocoaPods | Swift
Composer | PHP
Conan | C/C++
GitHub | Go
Hex | Elixir / Erlang
Maven | Java
npm | JavaScript
NuGet | C#/F#/VB
Pypi | Python
pub | Dart, Flutter
RubyGems | Ruby
Swift Packages | Swift
C/C++

OPERATING SYSTEM

All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi

Report a new vulnerability

L

Improper Validation of Unsafe Equivalence in InputCVE-2026-39972

Affects frankenphp-8.5 | Versions <1.12.2-r0

Has fix

chainguard:latestPublished 13 Apr 2026

H

Untrusted Search PathCVE-2026-39883

Affects frankenphp-8.5 | Versions <1.12.2-r0

Has fix

chainguard:latestPublished 12 Apr 2026

L

GHSA-hfvc-g4fc-pqhx

Affects frankenphp-8.5 | Versions <1.12.2-r0

Has fix

chainguard:latestPublished 12 Apr 2026

L

GHSA-hwr4-mq23-wcv5

Affects frankenphp-8.5 | Versions <1.12.2-r0

Has fix

chainguard:latestPublished 12 Apr 2026

L

GHSA-w8rr-5gcm-pp58

Affects frankenphp-8.5 | Versions <1.12.2-r0

Has fix

chainguard:latestPublished 12 Apr 2026

L

Uncontrolled Memory AllocationCVE-2026-39882

Affects frankenphp-8.5 | Versions <1.12.2-r0

Has fix

chainguard:latestPublished 12 Apr 2026

L

Uncaught ExceptionCVE-2026-34986

Affects frankenphp-8.5 | Versions <1.12.1-r5

Has fix

chainguard:latestPublished 4 Apr 2026

L

GHSA-p77j-4mvh-x3m3

Affects frankenphp-8.5 | Versions <1.12.1-r1

Has fix

chainguard:latestPublished 4 Apr 2026

L

GHSA-q4r8-xm5f-56gw

Affects frankenphp-8.5 | Versions <1.12.1-r2

Has fix

chainguard:latestPublished 4 Apr 2026

L

GHSA-78h2-9frx-2jm8

Affects frankenphp-8.5 | Versions <1.12.1-r5

Has fix

chainguard:latestPublished 4 Apr 2026

L

Improper AuthorizationCVE-2026-33186

Affects frankenphp-8.5 | Versions <1.12.1-r1

Has fix

chainguard:latestPublished 4 Apr 2026

L

Improper AuthenticationCVE-2026-30836

Affects frankenphp-8.5 | Versions <1.12.1-r2

Has fix

chainguard:latestPublished 4 Apr 2026

M

URL Redirection to Untrusted Site ('Open Redirect')

Affects friendsofsymfony/oauth2-php | Versions <1.3.0

Has fix

ComposerPublished 17 May 2024

M

Cross-site Scripting (XSS)CVE-2021-43678

Affects gaoming13/wechat-php-sdk | Versions >=0.0.0

Has fix

ComposerPublished 19 Dec 2021

H

Insufficient Session ExpirationCVE-2026-24894

Affects github.com/dunglas/frankenphp | Versions <1.11.2

Has fix

GoPublished 13 Feb 2026

C

Incorrect Behavior Order: Validate Before CanonicalizeCVE-2026-24895

Affects github.com/dunglas/frankenphp | Versions <1.11.2

Has fix

GoPublished 13 Feb 2026

C

Improper Handling of Case SensitivityCVE-2026-45062

Affects github.com/dunglas/frankenphp/caddy | Versions >=1.11.2 <1.12.3

Has fix

GoPublished 17 May 2026

C

Incorrect Behavior Order: Validate Before CanonicalizeCVE-2026-24895

Affects github.com/dunglas/frankenphp/caddy | Versions <1.11.2

Has fix

GoPublished 13 Feb 2026

M

Arbitrary File ReadCVE-2022-30428

Affects github.com/gphper/ginadmin/internal/controllers/admin/setting | Versions >=0.0.0

Has fix

GoPublished 2 Jun 2022

H

Directory TraversalCVE-2022-30427

Affects github.com/gphper/ginadmin/internal/controllers/admin/setting | Versions >=0.0.0

Has fix

GoPublished 2 Jun 2022

M

Arbitrary File ReadCVE-2022-30428

Affects github.com/gphper/ginadmin/pkg/utils/filesystem | Versions >=0.0.0

Has fix

GoPublished 2 Jun 2022

H

Directory TraversalCVE-2022-30427

Affects github.com/gphper/ginadmin/pkg/utils/filesystem | Versions >=0.0.0

Has fix

GoPublished 2 Jun 2022

C

Incorrect Behavior Order: Validate Before CanonicalizeCVE-2026-24895

Affects github.com/php/frankenphp | Versions <1.11.2

Has fix

GoPublished 13 Feb 2026

H

Insufficient Session ExpirationCVE-2026-24894

Affects github.com/php/frankenphp | Versions <1.11.2

Has fix

GoPublished 13 Feb 2026

C

Incorrect Behavior Order: Validate Before CanonicalizeCVE-2026-24895

Affects github.com/php/frankenphp/caddy | Versions <1.11.2

Has fix

GoPublished 13 Feb 2026

M

Access Restriction BypassCVE-2019-20455

Affects globalpayments/php-sdk | Versions <2.0.0

Has fix

ComposerPublished 14 Feb 2020

C

Malicious Package

Affects graphprotocol-tools-monorepo | Versions *

No fix available

npmPublished 22 Jul 2025

M

Use of Externally-Controlled Format StringCVE-2014-9157

Affects graphviz-php | Versions <0:2.38.0-18.40.amzn1

Has fix

amzn:2018.03Published 27 Sept 2021

M

Out-of-BoundsCVE-2014-1235

Affects graphviz-php | Versions <0:2.30.1-12.37.amzn1

Has fix

amzn:2018.03Published 27 Sept 2021

M

Out-of-BoundsCVE-2014-0978

Affects graphviz-php | Versions <0:2.30.1-12.37.amzn1

Has fix

amzn:2018.03Published 27 Sept 2021

Product

Partners
Developers & Devops Features
Enterprise Features
Pricing
Test with GitHub
Test with CLI
API status

Resources

Vulnerability DB
Blog
Documentation
FAQs

Company

About
Jobs
Contact
Legal terms
Privacy
Press kit
Events

Contact us

Support
Report a new vuln

Find us online

Track our development

© 2026 Snyk Ltd.