See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
Affects @johntaohunter/forge-jsx | Versions *
No fix available
npmPublished 12 Jun 2026
- M
Cross-site Scripting (XSS)CVE-2026-40986
Affects org.springframework.webflow:spring-js-resources | Versions [,3.0.2)[4.0.0,4.0.1)
Has fix
MavenPublished 12 Jun 2026
- H
Affects org.springframework.webflow:spring-webflow | Versions [,3.0.2)[4.0.0-RC1,4.0.1)
Has fix
MavenPublished 12 Jun 2026
Affects org.springframework.security:spring-security-saml2-service-provider | Versions [,6.5.11)[7.0.0-M1,7.0.6)
Has fix
MavenPublished 12 Jun 2026
- M
Cross-site Scripting (XSS)CVE-2026-41003
Affects org.springframework.security:spring-security-saml2-service-provider | Versions [,6.5.11)[7.0.0-M1,7.0.6)
Has fix
MavenPublished 12 Jun 2026
- M
Open RedirectCVE-2026-41706
Affects org.springframework.security:spring-security-web | Versions [,6.5.11)[7.0.0-M1,7.0.6)
Has fix
MavenPublished 12 Jun 2026
- C
Deserialization of Untrusted DataCVE-2026-41731
Affects org.springframework.kafka:spring-kafka | Versions [,3.3.16)[4.0.0-M1,4.0.6)
Has fix
MavenPublished 12 Jun 2026
- H
Improper Validation of Specified Quantity in InputCVE-2026-41727
Affects org.springframework.kafka:spring-kafka | Versions [,3.3.16)[4.0.0-M1,4.0.6)
Has fix
MavenPublished 12 Jun 2026
Affects solana-web3-patched | Versions *
No fix available
npmPublished 12 Jun 2026
Affects solana-web3-community | Versions *
No fix available
npmPublished 12 Jun 2026
Affects @solana-labs/web3js | Versions *
No fix available
npmPublished 12 Jun 2026
Affects @solana-labs/web3.js | Versions *
No fix available
npmPublished 12 Jun 2026
Affects @solana-labs/web3-js | Versions *
No fix available
npmPublished 12 Jun 2026
Affects @solana-labs/spl-toke | Versions *
No fix available
npmPublished 12 Jun 2026