See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Server-side Request Forgery (SSRF)CVE-2026-21294
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-21311
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-21291
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Improper Input ValidationCVE-2026-21282
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-21293
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Cross-site Scripting (XSS)CVE-2026-21292
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Incorrect AuthorizationCVE-2026-21289
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Incorrect AuthorizationCVE-2026-21285
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-21290
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-21284
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Incorrect AuthorizationCVE-2026-21286
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Incorrect AuthorizationCVE-2026-21297
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 15 Mar 2026
- M
Missing AuthorizationCVE-2024-39418
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p9>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 9 Nov 2025
- M
Missing AuthorizationCVE-2024-39405
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p9>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 9 Nov 2025
- C
Command InjectionCVE-2024-39402
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p9>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 9 Nov 2025
- M
Premature Release of Resource During Expected LifetimeCVE-2024-39404
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p9>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 9 Nov 2025
- M
Premature Release of Resource During Expected LifetimeCVE-2024-39413
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p9>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 9 Nov 2025
- M
Premature Release of Resource During Expected LifetimeCVE-2024-39407
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p9>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 9 Nov 2025
- H
Directory TraversalCVE-2024-39399
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p9>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 9 Nov 2025
- C
Brute ForceCVE-2024-39398
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p9>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 9 Nov 2025
- M
Cross-site Scripting (XSS)CVE-2024-39403
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p9>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 9 Nov 2025
- H
Cross-site Scripting (XSS)CVE-2024-39400
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p9>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 9 Nov 2025
- M
Deserialization of Untrusted DataCVE-2021-36025
Affects magento/community-edition | Versions <2.3.7-p1>=2.4.0, <2.4.2-p2
Has fix
ComposerPublished 9 Nov 2025
- C
Arbitrary File UploadCVE-2021-36042
Affects magento/community-edition | Versions <2.3.7-p1>=2.4.0, <2.4.2-p2
Has fix
ComposerPublished 9 Nov 2025
- H
Arbitrary File UploadCVE-2021-36041
Affects magento/community-edition | Versions <2.3.7-p1>=2.4.0, <2.4.2-p2
Has fix
ComposerPublished 9 Nov 2025
- H
Command InjectionCVE-2021-36024
Affects magento/community-edition | Versions <2.3.7-p1>=2.4.0, <2.4.2-p2
Has fix
ComposerPublished 9 Nov 2025
- C
Arbitrary File UploadCVE-2021-36040
Affects magento/community-edition | Versions <2.3.7-p1>=2.4.0, <2.4.2-p2
Has fix
ComposerPublished 9 Nov 2025
- H
Arbitrary File UploadCVE-2021-36034
Affects magento/community-edition | Versions <2.3.7-p1>=2.4.0, <2.4.2-p2
Has fix
ComposerPublished 9 Nov 2025
- C
XML InjectionCVE-2021-36033
Affects magento/community-edition | Versions <2.3.7-p1>=2.4.0, <2.4.2-p2
Has fix
ComposerPublished 9 Nov 2025
- M
Cross-site Scripting (XSS)CVE-2021-36027
Affects magento/community-edition | Versions <2.3.7-p1>=2.4.0, <2.4.2-p2
Has fix
ComposerPublished 9 Nov 2025