See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- C
Command InjectionCVE-2024-20720
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p7>=2.4.5-p1, <2.4.5-p6>=2.4.6-p1, <2.4.6-p4
Has fix
ComposerPublished 5 Mar 2025
- H
SQL InjectionCVE-2023-38249
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p6>=2.4.5-p1, <2.4.5-p5>=2.4.6-p1, <2.4.6-p3>=2.4.7-beta1, <2.4.7-beta2
Has fix
ComposerPublished 5 Mar 2025
- H
Incorrect AuthorizationCVE-2023-38209
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p5>=2.4.5-p1, <2.4.5-p4>=2.4.6-p1, <2.4.6-p2
Has fix
ComposerPublished 5 Mar 2025
- H
SQL InjectionCVE-2023-38250
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p6>=2.4.5-p1, <2.4.5-p5>=2.4.6-p1, <2.4.6-p3>=2.4.7-beta1, <2.4.7-beta2
Has fix
ComposerPublished 5 Mar 2025
- M
Cross-site Scripting (XSS)CVE-2023-22249
Affects magento/community-edition | Versions <2.4.4-p3>=2.4.5-p1, <2.4.5-p2
Has fix
ComposerPublished 5 Mar 2025
- H
XML InjectionCVE-2023-29289
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025
- H
Incorrect AuthorizationCVE-2023-38218
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p6>=2.4.5-p1, <2.4.5-p5>=2.4.6-p1, <2.4.6-p3>=2.4.7-beta1, <2.4.7-beta2
Has fix
ComposerPublished 5 Mar 2025
- H
Incorrect AuthorizationCVE-2023-22248
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025
- C
Improper Input ValidationCVE-2024-20758
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p8>=2.4.5-p1, <2.4.5-p7>=2.4.6-p1, <2.4.6-p5>=2.4.7-beta1, <2.4.7
Has fix
ComposerPublished 5 Mar 2025
- C
Command InjectionCVE-2023-38208
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p5>=2.4.5-p1, <2.4.5-p4>=2.4.6-p1, <2.4.6-p2
Has fix
ComposerPublished 5 Mar 2025
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025
- M
Access Control BypassCVE-2023-29294
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025
- M
Incorrect AuthorizationCVE-2023-29288
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025
- M
Incorrect AuthorizationCVE-2023-29295
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025
- M
Incorrect AuthorizationCVE-2023-29296
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025
- M
Denial of Service (DoS)CVE-2024-20716
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p7>=2.4.5-p1, <2.4.5-p6>=2.4.6-p1, <2.4.6-p4
Has fix
ComposerPublished 5 Mar 2025
- M
Denial of Service (DoS)CVE-2023-38251
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p6>=2.4.5-p1, <2.4.5-p5>=2.4.6-p1, <2.4.6-p3>=2.4.7-beta1, <2.4.7-beta2
Has fix
ComposerPublished 5 Mar 2025
- C
Cross-site Scripting (XSS)CVE-2024-20759
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p8>=2.4.5-p1, <2.4.5-p7>=2.4.6-p1, <2.4.6-p5>=2.4.7-beta1, <2.4.7
Has fix
ComposerPublished 5 Mar 2025
- M
Server-side Request Forgery (SSRF)CVE-2023-29291
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025
- H
XML InjectionCVE-2023-22247
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p3>=2.4.5-p1, <2.4.5-p2
Has fix
ComposerPublished 5 Mar 2025
- M
XML InjectionCVE-2023-38207
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p5>=2.4.5-p1, <2.4.5-p4>=2.4.6-p1, <2.4.6-p2
Has fix
ComposerPublished 5 Mar 2025
- H
Improper Input ValidationCVE-2023-26367
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p6>=2.4.5-p1, <2.4.5-p5>=2.4.6-p1, <2.4.6-p3>=2.4.7-beta1, <2.4.7-beta2
Has fix
ComposerPublished 5 Mar 2025
- H
SQL InjectionCVE-2023-38221
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p6>=2.4.5-p1, <2.4.5-p5>=2.4.6-p1, <2.4.6-p3>=2.4.7-beta1, <2.4.7-beta2
Has fix
ComposerPublished 5 Mar 2025
- M
Server-side Request Forgery (SSRF)CVE-2023-29292
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025
- M
Improper Input ValidationCVE-2023-29293
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p4>=2.4.5-p1, <2.4.5-p3
Has fix
ComposerPublished 5 Mar 2025
- H
Server-side Request Forgery (SSRF)CVE-2023-26366
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p6>=2.4.5-p1, <2.4.5-p5>=2.4.6-p1, <2.4.6-p3>=2.4.7-beta1, <2.4.7-beta2
Has fix
ComposerPublished 5 Mar 2025
- C
Cross-site Scripting (XSS)CVE-2023-38219
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p6>=2.4.5-p1, <2.4.5-p5>=2.4.6-p1, <2.4.6-p3>=2.4.7-beta1, <2.4.7-beta2
Has fix
ComposerPublished 5 Mar 2025
- M
Cross-site Request Forgery (CSRF)CVE-2024-20718
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p7>=2.4.5-p1, <2.4.5-p6>=2.4.6-p1, <2.4.6-p4
Has fix
ComposerPublished 5 Mar 2025
- L
Incorrect AuthorizationCVE-2023-22251
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p3>=2.4.5-p1, <2.4.5-p2
Has fix
ComposerPublished 5 Mar 2025
- C
Cross-site Scripting (XSS)CVE-2024-20719
Affects magento/community-edition | Versions >=2.4.4-p1, <2.4.4-p7>=2.4.5-p1, <2.4.5-p6>=2.4.6-p1, <2.4.6-p4
Has fix
ComposerPublished 5 Mar 2025