See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- C
XML InjectionCVE-2021-36023
Affects magento/community-edition | Versions <2.3.7-p1>=2.4.0, <2.4.2-p2
Has fix
ComposerPublished 9 Nov 2025
- M
Command InjectionCVE-2024-39401
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5-p1, <2.4.5-p9>=2.4.6-p1, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 7 Nov 2025
- M
Improper AuthorizationCVE-2024-39417
Affects magento/community-edition | Versions >=2.4.7-p1, <2.4.7-p2>=2.4.6-p1, <2.4.6-p7>=2.4.5-p1, <2.4.5-p9<2.4.4-p10
Has fix
ComposerPublished 24 Oct 2025
- M
Access Control BypassCVE-2025-27190
Affects magento/community-edition | Versions <2.4.4-p13>=2.4.5, <2.4.5-p12>=2.4.6, <2.4.6-p10>=2.4.7-beta1, <2.4.7-p5>=2.4.8-beta1, <2.4.8-beta2
Has fix
ComposerPublished 24 Oct 2025
- M
Improper AuthorizationCVE-2024-39411
Affects magento/community-edition | Versions >=2.4.7-p1, <2.4.7-p2>=2.4.6-p1, <2.4.6-p7>=2.4.5-p1, <2.4.5-p9<2.4.4-p10
Has fix
ComposerPublished 24 Oct 2025
- M
Improper AuthorizationCVE-2024-39415
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5-p1, <2.4.5-p9>=2.4.6-p1, <2.4.6-p7>=2.4.7-p1, <2.4.7-p2
Has fix
ComposerPublished 24 Oct 2025
- M
Incorrect AuthorizationCVE-2025-49550
Affects magento/community-edition | Versions >=2.4.5, <2.4.5-p13>=2.4.6-p1, <2.4.6-p11>=2.4.7-beta1, <2.4.7-p6>=2.4.8-beta1, <2.4.8-p1
Has fix
ComposerPublished 24 Oct 2025
- M
Insufficiently Protected CredentialsCVE-2025-27192
Affects magento/community-edition | Versions <2.4.4-p13>=2.4.5, <2.4.5-p12>=2.4.6, <2.4.6-p10>=2.4.7-beta1, <2.4.7-p5>=2.4.8-beta1, <2.4.8-beta2
Has fix
ComposerPublished 24 Oct 2025
- H
Improper AuthorizationCVE-2025-43585
Affects magento/community-edition | Versions >=2.4.5, <2.4.5-p13>=2.4.6-p1, <2.4.6-p11>=2.4.7-beta1, <2.4.7-p6>=2.4.8-beta1, <2.4.8-p1
Has fix
ComposerPublished 24 Oct 2025
- M
Improper AuthorizationCVE-2024-39419
Affects magento/community-edition | Versions >=2.4.7-p1, <2.4.7-p2>=2.4.6-p1, <2.4.6-p7>=2.4.5-p1, <2.4.5-p9<2.4.4-p10
Has fix
ComposerPublished 24 Oct 2025
- M
Access Control BypassCVE-2025-27191
Affects magento/community-edition | Versions <2.4.4-p13>=2.4.5, <2.4.5-p12>=2.4.6, <2.4.6-p10>=2.4.7-beta1, <2.4.7-p5>=2.4.8-beta1, <2.4.8-beta2
Has fix
ComposerPublished 24 Oct 2025
- M
Improper AuthorizationCVE-2024-39416
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p8>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 24 Oct 2025
- M
Access Control BypassCVE-2024-39414
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5, <2.4.5-p8>=2.4.6, <2.4.6-p7>=2.4.7-beta1, <2.4.7-p2
Has fix
ComposerPublished 24 Oct 2025
- M
Access Control BypassCVE-2025-27206
Affects magento/community-edition | Versions <2.4.5-p13>=2.4.6, <2.4.6-p11>=2.4.7, <2.4.7-p6>=2.4.8-beta1, <2.4.8-p1
Has fix
ComposerPublished 24 Oct 2025
- M
Incorrect AuthorizationCVE-2025-49549
Affects magento/community-edition | Versions <2.4.5-p13>=2.4.6, <2.4.6-p11>=2.4.7, <2.4.7-p6>=2.4.8-beta1, <2.4.8-p1
Has fix
ComposerPublished 24 Oct 2025
- M
Cross-site Scripting (XSS)CVE-2025-54264
Affects magento/community-edition | Versions <2.4.6-p13>=2.4.7-beta1, <2.4.7-p8>=2.4.8-beta1, <2.4.8-p3>=2.4.9-alpha1, <2.4.9-alpha3
Has fix
ComposerPublished 23 Oct 2025
- H
Incorrect AuthorizationCVE-2025-54263
Affects magento/community-edition | Versions <2.4.6-p13>=2.4.7-beta1, <2.4.7-p8>=2.4.8-beta1, <2.4.8-p3>=2.4.9-alpha1, <2.4.9-alpha3
Has fix
ComposerPublished 23 Oct 2025
- M
Cross-site Scripting (XSS)CVE-2025-54266
Affects magento/community-edition | Versions <2.4.6-p13>=2.4.7-beta1, <2.4.7-p8>=2.4.8-beta1, <2.4.8-p3>=2.4.9-alpha1, <2.4.9-alpha3
Has fix
ComposerPublished 23 Oct 2025
- H
Incorrect AuthorizationCVE-2025-54267
Affects magento/community-edition | Versions <2.4.6-p13>=2.4.7-beta1, <2.4.7-p8>=2.4.8-beta1, <2.4.8-p3>=2.4.9-alpha1, <2.4.9-alpha3
Has fix
ComposerPublished 23 Oct 2025
- H
Incorrect AuthorizationCVE-2025-54265
Affects magento/community-edition | Versions <2.4.6-p13>=2.4.7-beta1, <2.4.7-p8>=2.4.8-beta1, <2.4.8-p3>=2.4.9-alpha1, <2.4.9-alpha3
Has fix
ComposerPublished 21 Oct 2025
- C
Improper Input ValidationCVE-2025-54236
Affects magento/community-edition | Versions <2.4.7-p8
Has fix
ComposerPublished 19 Sept 2025
- M
Path TraversalCVE-2025-49559
Affects magento/community-edition | Versions <2.4.5-p14>=2.4.6, <2.4.6-p12>=2.4.7-beta1, <2.4.7-p7>=2.8.4-beta1, <2.8.4-p1
Has fix
ComposerPublished 5 Sept 2025
- H
Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2025-49558
Affects magento/community-edition | Versions <2.4.5-p14>=2.4.6, <2.4.6-p12>=2.4.7-beta1, <2.4.7-p7>=2.8.4-beta1, <2.8.4-p1
Has fix
ComposerPublished 5 Sept 2025
- H
Incorrect AuthorizationCVE-2025-49556
Affects magento/community-edition | Versions <2.4.5-p14>=2.4.6, <2.4.6-p12>=2.4.7-beta1, <2.4.7-p7>=2.8.4-beta1, <2.8.4-p1
Has fix
ComposerPublished 5 Sept 2025
- H
Cross-Site Request Forgery (CSRF)CVE-2025-49555
Affects magento/community-edition | Versions <2.4.5-p14>=2.4.6, <2.4.6-p12>=2.4.7-beta1, <2.4.7-p7>=2.8.4-beta1, <2.8.4-p1
Has fix
ComposerPublished 5 Sept 2025
- H
Improper Input ValidationCVE-2025-49554
Affects magento/community-edition | Versions <2.4.5-p14>=2.4.6, <2.4.6-p12>=2.4.7-beta1, <2.4.7-p7>=2.8.4-beta1, <2.8.4-p1
Has fix
ComposerPublished 5 Sept 2025
- H
Cross-site Scripting (XSS)CVE-2025-49557
Affects magento/community-edition | Versions <2.4.5-p14>=2.4.6, <2.4.6-p12>=2.4.7-beta1, <2.4.7-p7>=2.8.4-beta1, <2.8.4-p1
Has fix
ComposerPublished 5 Sept 2025
- M
Cross-site Scripting (XSS)CVE-2025-47110
Affects magento/community-edition | Versions >=2.4.5, <2.4.5-p13>=2.4.6-p1, <2.4.6-p11>=2.4.7-beta1, <2.4.7-p6>=2.4.8-beta1, <2.4.8-p1
Has fix
ComposerPublished 26 Jun 2025
- M
Incorrect AuthorizationCVE-2025-27188
Affects magento/community-edition | Versions <2.4.4-p13>=2.4.5, <2.4.5-p12>=2.4.6, <2.4.6-p10>=2.4.7-beta1, <2.4.7-p5>=2.4.8-beta1, <2.4.8-beta2
Has fix
ComposerPublished 19 Jun 2025
- M
Information ExposureCVE-2023-29287
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025