See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Access Control BypassCVE-2024-45121
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Access Control BypassCVE-2024-45130
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Access Control BypassCVE-2024-45135
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2024-45120
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Improper AuthorizationCVE-2024-45128
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Server-side Request Forgery (SSRF)CVE-2024-45119
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Cross-site Scripting (XSS)CVE-2024-45127
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Access Control BypassCVE-2024-45129
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Cross-site Scripting (XSS)CVE-2024-45123
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- H
Improper AuthorizationCVE-2024-45132
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Improper AuthorizationCVE-2024-45131
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Information ExposureCVE-2024-45134
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Access Control BypassCVE-2024-45133
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Access Control BypassCVE-2024-45124
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Incorrect AuthorizationCVE-2024-45125
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Access Control BypassCVE-2024-45149
Affects magento/community-edition | Versions <2.4.4-p11>=2.4.5-p1, <2.4.5-p10>=2.4.6-p1, <2.4.6-p8>=2.4.7-beta1, <2.4.7-p3
Has fix
ComposerPublished 13 Oct 2024
- M
Cross-Site Request Forgery (CSRF)CVE-2024-39409
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5-p1, <2.4.5-p9>=2.4.6-p1, <2.4.6-p7>=2.4.7-p1, <2.4.7-p2
Has fix
ComposerPublished 17 Sept 2024
- M
Cross-Site Request Forgery (CSRF)CVE-2024-39408
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5-p1, <2.4.5-p9>=2.4.6-p1, <2.4.6-p7>=2.4.7-p1, <2.4.7-p2
Has fix
ComposerPublished 17 Sept 2024
- M
Improper AuthorizationCVE-2024-39412
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5-p1, <2.4.5-p9>=2.4.6-p1, <2.4.6-p7>=2.4.7-p1, <2.4.7-p2
Has fix
ComposerPublished 17 Sept 2024
- M
Cross-Site Request Forgery (CSRF)CVE-2024-39410
Affects magento/community-edition | Versions <2.4.4-p10>=2.4.5-p1, <2.4.5-p9>=2.4.6-p1, <2.4.6-p7>=2.4.7-p1, <2.4.7-p2
Has fix
ComposerPublished 17 Sept 2024
- H
Path TraversalCVE-2024-39406
Affects magento/community-edition | Versions >=2.4.7-p1, <2.4.7-p2>=2.4.6-p1, <2.4.6-p7>=2.4.5-p1, <2.4.5-p9<2.4.4-p10
Has fix
ComposerPublished 17 Sept 2024
- M
Cross-site Scripting (XSS)CVE-2024-34105
Affects magento/community-edition | Versions <2.4.4-p9>=2.4.5-p1, <2.4.5-p8>=2.4.6-p1, <2.4.6-p6>=2.4.7-beta1, <2.4.7-p1
Has fix
ComposerPublished 8 Aug 2024
- M
Incorrect AuthorizationCVE-2024-34106
Affects magento/community-edition | Versions <2.4.4-p9>=2.4.5-p1, <2.4.5-p8>=2.4.6-p1, <2.4.6-p6>=2.4.7-beta1, <2.4.7-p1
Has fix
ComposerPublished 8 Aug 2024
- M
Improper Access ControlCVE-2024-34107
Affects magento/community-edition | Versions <2.4.4-p9>=2.4.5-p1, <2.4.5-p8>=2.4.6-p1, <2.4.6-p6>=2.4.7-beta1, <2.4.7-p1
Has fix
ComposerPublished 8 Aug 2024
- H
Improper AuthorizationCVE-2024-34104
Affects magento/community-edition | Versions <2.4.4-p9>=2.4.5-p1, <2.4.5-p8>=2.4.6-p1, <2.4.6-p6>=2.4.7-beta1, <2.4.7-p1
Has fix
ComposerPublished 8 Aug 2024
- H
Server-Side Request Forgery (SSRF)CVE-2024-34111
Affects magento/community-edition | Versions <2.4.4-p9>=2.4.5-p1, <2.4.5-p8>=2.4.6-p1, <2.4.6-p6>=2.4.7-beta1, <2.4.7-p1
Has fix
ComposerPublished 8 Aug 2024
- C
Improper AuthenticationCVE-2024-34103
Affects magento/community-edition | Versions <2.4.4-p9>=2.4.5-p1, <2.4.5-p8>=2.4.6-p1, <2.4.6-p6>=2.4.7-beta1, <2.4.7-p1
Has fix
ComposerPublished 8 Aug 2024
- C
XML External Entity (XXE) InjectionCVE-2024-34102
Affects magento/community-edition | Versions <2.4.4-p9>=2.4.5, <2.4.5-p8>=2.4.6, <2.4.6-p6>=2.4.7, <2.4.7-p1
Has fix
ComposerPublished 14 Jun 2024
Affects magento/community-edition | Versions >=2.1, <2.1.15>=2.2, <2.2.6
Has fix
ComposerPublished 29 May 2024
- M
Insecure DefaultsCVE-2019-8136
Affects magento/community-edition | Versions >=2.2.0, <2.2.10>=2.3.0, <2.3.3
Has fix
ComposerPublished 19 Jul 2023