See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
Affects adobe-commerce-magento | Versions *
No fix available
npmPublished 7 May 2025
Affects algolia/algoliasearch-magento-2 | Versions <3.16.2>=3.17.0-beta.1, <3.17.2
Has fix
ComposerPublished 15 Jan 2026
Affects cardgate/magento2 | Versions >=0.0.0
Has fix
ComposerPublished 27 Dec 2020
- H
User ImpersonationCVE-2020-8818
Affects cardgate/magento2 | Versions <2.0.30
Has fix
ComposerPublished 25 Feb 2020
- M
Arbitrary Command InjectionCVE-2026-5603
Affects @elgentos/magento2-dev-mcp | Versions >=0.0.0
Has fix
npmPublished 9 Apr 2026
- M
Information ExposureCVE-2017-13761
Affects fastly/magento2 | Versions <1.2.26
Has fix
ComposerPublished 25 Apr 2024
Affects klaviyo/magento2-extension | Versions >=1.0.0, <3.0.0
Has fix
ComposerPublished 27 May 2021
Affects magento-coding-standard-eslint-plugin | Versions *
No fix available
npmPublished 27 Jan 2026
- H
Incorrect AuthorizationCVE-2026-34645
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Denial of Service (DoS)CVE-2026-34649
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Server-side Request Forgery (SSRF)CVE-2026-34647
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Incorrect AuthorizationCVE-2026-34646
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Dependency on Vulnerable Third-Party ComponentCVE-2026-34654
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-34655
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Denial of Service (DoS)CVE-2026-34651
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Directory TraversalCVE-2026-34653
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Denial of Service (DoS)CVE-2026-34650
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Denial of Service (DoS)CVE-2026-34648
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Improper AuthorizationCVE-2026-34656
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-34686
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-34658
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Dependency on Vulnerable Third-Party ComponentCVE-2026-34652
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Out-of-bounds ReadCVE-2026-34685
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- L
Open RedirectCVE-2026-21295
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Incorrect AuthorizationCVE-2026-21296
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- L
Incorrect AuthorizationCVE-2026-21359
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Incorrect AuthorizationCVE-2026-21309
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Improper Input ValidationCVE-2026-21310
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- H
Cross-site Scripting (XSS)CVE-2026-21361
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026
- M
Directory TraversalCVE-2026-21360
Affects magento/community-edition | Versions <2.4.6-p14>=2.4.7-beta1, <2.4.7-p9>=2.4.8-beta1, <2.4.8-p4>=2.4.9-alpha1, <2.4.9-beta1
Has fix
ComposerPublished 16 Mar 2026