See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Directory TraversalCVE-2026-53571
Affects org.webjars.npm:vite | Versions [0,]
Has fix
MavenPublished 17 Jun 2026
- M
Inefficient Algorithmic ComplexityCVE-2026-48988
Affects org.webjars.npm:markdown-it | Versions [0,]
Has fix
MavenPublished 17 Jun 2026
Affects org.webjars.npm:nuxt | Versions [0,]
Has fix
MavenPublished 17 Jun 2026
Affects @mastra/node-speaker | Versions =0.1.1
Has fix
npmPublished 17 Jun 2026
- M
Inefficient Algorithmic ComplexityCVE-2026-48988
Affects markdown-it | Versions <14.2.0
Has fix
npmPublished 17 Jun 2026
Affects yt-dlp | Versions [2023.9.24, 2026.6.9)
Has fix
pipPublished 17 Jun 2026
Affects nuxt | Versions >=4.0.0-alpha.1 <4.4.7
Has fix
npmPublished 17 Jun 2026
- H
Directory TraversalCVE-2026-53571
Affects vite | Versions <6.4.3>=7.0.0-beta.0 <7.3.5>=8.0.0-beta.0 <8.0.16
Has fix
npmPublished 17 Jun 2026
- H
Directory TraversalCVE-2026-53571
Affects vite-plus | Versions <0.1.24
Has fix
npmPublished 17 Jun 2026
Affects nuxt | Versions <3.21.7>=4.0.0-alpha.1 <4.4.7
Has fix
npmPublished 17 Jun 2026
Affects nuxt | Versions >=3.18.0 <3.21.7>=4.0.0-alpha.1 <4.4.7
Has fix
npmPublished 17 Jun 2026
Affects nuxt | Versions <3.21.7>=4.0.0-alpha.1 <4.4.7
Has fix
npmPublished 17 Jun 2026
- M
Cross-site Scripting (XSS)CVE-2026-52725
Affects @angular/core | Versions <19.2.23>=20.0.0-next.0 <20.3.22>=21.0.0-next.0 <21.2.15>=22.0.0-next.0 <22.0.0-rc.2
Has fix
npmPublished 17 Jun 2026
- M
Unintended Proxy or Intermediary ('Confused Deputy')CVE-2026-9595
Affects webpack-dev-server | Versions <5.2.5
Has fix
npmPublished 17 Jun 2026
- H
Regular Expression Denial of Service (ReDoS)CVE-2026-48125
Affects ua-parser-js | Versions >=2.0.1 <2.0.10
Has fix
npmPublished 17 Jun 2026
- H
Uncontrolled RecursionCVE-2026-48712
Affects protobufjs | Versions <7.6.1>=8.0.0 <8.4.1
Has fix
npmPublished 17 Jun 2026
- M
Allocation of Resources Without Limits or ThrottlingCVE-2026-54270
Affects protobufjs | Versions >=8.2.0 <8.5.0
Has fix
npmPublished 17 Jun 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-50171
Affects @angular/common | Versions <19.2.23>=20.0.0-next.0 <20.3.22>=21.0.0-next.0 <21.2.15>=22.0.0-next.0 <22.0.0-rc.2
Has fix
npmPublished 17 Jun 2026
- M
Inefficient Algorithmic ComplexityCVE-2026-53550
Affects org.webjars.npm:js-yaml | Versions [,4.2.0)
Has fix
MavenPublished 17 Jun 2026
Affects org.webjars.npm:nodemailer | Versions [0,]
Has fix
MavenPublished 17 Jun 2026
- M
Improper Check for Unusual or Exceptional ConditionsCVE-2026-54269
Affects org.webjars.npm:protobufjs | Versions [0,]
Has fix
MavenPublished 17 Jun 2026
- H
Out-of-bounds ReadCVE-2026-34180
Affects cryptography | Versions [0.5,48.0.1)
Has fix
pipPublished 17 Jun 2026
Affects easy-day-js | Versions =1.11.21=1.11.22
Has fix
npmPublished 17 Jun 2026
Affects @mastra/voice-xai-realtime | Versions =0.1.2
Has fix
npmPublished 17 Jun 2026
Affects @mastra/voice-speechify | Versions =0.12.2
Has fix
npmPublished 17 Jun 2026
Affects @mastra/voice-sarvam | Versions =1.0.2
Has fix
npmPublished 17 Jun 2026