See the full list of npm packages compromised in the "Node-gyp Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Server-side Request Forgery (SSRF)CVE-2026-34647
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Incorrect AuthorizationCVE-2026-34646
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Dependency on Vulnerable Third-Party ComponentCVE-2026-34654
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-34655
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Denial of Service (DoS)CVE-2026-34651
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Directory TraversalCVE-2026-34653
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Denial of Service (DoS)CVE-2026-34650
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Denial of Service (DoS)CVE-2026-34648
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Improper AuthorizationCVE-2026-34656
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-34686
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-34658
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- H
Dependency on Vulnerable Third-Party ComponentCVE-2026-34652
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Out-of-bounds ReadCVE-2026-34685
Affects magento/community-edition | Versions <2.4.6-p15>=2.4.7-beta1, <2.4.7-p10>=2.4.8-beta1, <2.4.8-p5>=2.4.9-alpha1, <2.4.9
Has fix
ComposerPublished 14 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-40598
Affects mantisbt/mantisbt | Versions <2.28.2
Has fix
ComposerPublished 12 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-41897
Affects mantisbt/mantisbt | Versions >=1.0.0, <2.28.2
Has fix
ComposerPublished 12 May 2026
- M
Information ExposureCVE-2026-34744
Affects mantisbt/mantisbt | Versions <2.28.2
Has fix
ComposerPublished 12 May 2026
- M
Information ExposureCVE-2026-34970
Affects mantisbt/mantisbt | Versions <2.28.2
Has fix
ComposerPublished 12 May 2026
- M
Insertion of Sensitive Information Into Sent DataCVE-2026-34579
Affects mantisbt/mantisbt | Versions >=2.26.1, <2.28.2
Has fix
ComposerPublished 12 May 2026
- M
Access Control BypassCVE-2026-34754
Affects mantisbt/mantisbt | Versions <2.28.2
Has fix
ComposerPublished 12 May 2026
- H
Missing AuthorizationCVE-2026-42071
Affects mantisbt/mantisbt | Versions >=2.23.0, <2.28.2
Has fix
ComposerPublished 12 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-34463
Affects mantisbt/mantisbt | Versions <2.28.2
Has fix
ComposerPublished 12 May 2026
- M
Incorrect AuthorizationCVE-2026-42070
Affects mantisbt/mantisbt | Versions <2.28.2
Has fix
ComposerPublished 12 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-39960
Affects mantisbt/mantisbt | Versions <2.28.2
Has fix
ComposerPublished 12 May 2026
- M
Access Control BypassCVE-2026-34390
Affects mantisbt/mantisbt | Versions <2.28.2
Has fix
ComposerPublished 12 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-44655
Affects mantisbt/mantisbt | Versions >=1.3.0, <2.28.2
Has fix
ComposerPublished 12 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-40607
Affects mantisbt/mantisbt | Versions >=2.1.0, <2.28.2
Has fix
ComposerPublished 12 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-44657
Affects mantisbt/mantisbt | Versions <2.28.2
Has fix
ComposerPublished 12 May 2026
- H
Improperly Implemented Security Check for StandardCVE-2026-40597
Affects mantisbt/mantisbt | Versions <2.28.2
Has fix
ComposerPublished 12 May 2026
- H
Cross-site Scripting (XSS)CVE-2026-40596
Affects mantisbt/mantisbt | Versions >=2.11.0, <2.28.2
Has fix
ComposerPublished 12 May 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-33052
Affects mantisbt/mantisbt | Versions >=2.28.0, <2.28.2
Has fix
ComposerPublished 12 May 2026