See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Cross-site Scripting (XSS)CVE-2026-45375
Affects github.com/siyuan-note/siyuan/kernel/bazaar | Versions >=0.0.0
Has fix
GoPublished 1 Jun 2026
- C
Arbitrary Command InjectionCVE-2026-45695
Affects github.com/kopia/kopia/cli | Versions <0.23.0
Has fix
GoPublished 1 Jun 2026
- C
Arbitrary Command InjectionCVE-2026-45695
Affects github.com/kopia/kopia/internal/insecureserverbind | Versions <0.23.0
Has fix
GoPublished 1 Jun 2026
- H
Race ConditionCVE-2026-45090
Affects github.com/hahwul/dalfox/pkg/scanning | Versions <2.13.0
Has fix
GoPublished 1 Jun 2026
- H
Race ConditionCVE-2026-45090
Affects github.com/hahwul/dalfox/v2/pkg/scanning | Versions <2.13.0
Has fix
GoPublished 1 Jun 2026
Affects github.com/kong/kubernetes-ingress-controller/v3/internal/dataplane/kongstate | Versions <3.5.7
Has fix
GoPublished 1 Jun 2026
Affects github.com/kong/kubernetes-ingress-controller/v2/internal/dataplane/kongstate | Versions >=0.0.0
Has fix
GoPublished 1 Jun 2026
- C
Incorrect Default PermissionsCVE-2026-33590
Affects github.com/portainer/portainer/api | Versions <2.38.0
Has fix
GoPublished 1 Jun 2026
- C
Incorrect Default PermissionsCVE-2026-33590
Affects github.com/portainer/portainer/api/internal/endpointutils | Versions <2.38.0
Has fix
GoPublished 1 Jun 2026
- C
Incorrect Default PermissionsCVE-2026-33590
Affects github.com/portainer/portainer/api/http/handler/endpoints | Versions <2.38.0
Has fix
GoPublished 1 Jun 2026
- C
Incorrect Default PermissionsCVE-2026-33590
Affects github.com/portainer/portainer/api/stacks/deployments | Versions <2.38.0
Has fix
GoPublished 1 Jun 2026
- M
Insertion of Sensitive Information into Log FileCVE-2026-41185
Affects github.com/projectcalico/calico/cni-plugin/internal/pkg/azure | Versions <3.32.0
Has fix
GoPublished 31 May 2026
- M
Insertion of Sensitive Information into Log FileCVE-2026-41185
Affects github.com/projectcalico/calico/cni-plugin/pkg/install | Versions <3.32.0
Has fix
GoPublished 31 May 2026
- L
Improperly Implemented Security Check for StandardCVE-2026-44474
Affects github.com/ellanetworks/core/internal/amf/ngap | Versions <1.10.0
Has fix
GoPublished 31 May 2026
- L
Improperly Implemented Security Check for StandardCVE-2026-44474
Affects github.com/ellanetworks/core/internal/amf/nas/gmm | Versions <1.10.0
Has fix
GoPublished 31 May 2026
- L
Improperly Implemented Security Check for StandardCVE-2026-44474
Affects github.com/ellanetworks/core/internal/amf/nas | Versions <1.10.0
Has fix
GoPublished 31 May 2026
- L
Improperly Implemented Security Check for StandardCVE-2026-44474
Affects github.com/ellanetworks/core/internal/amf | Versions <1.10.0
Has fix
GoPublished 31 May 2026
Affects github.com/go-git/go-git/v4/plumbing/format/idxfile | Versions >=4.6.0
Has fix
GoPublished 31 May 2026
Affects github.com/go-git/go-git/v5/plumbing/format/idxfile | Versions <5.19.1
Has fix
GoPublished 31 May 2026
Affects github.com/go-git/go-git/v6/plumbing/format/idxfile | Versions <6.0.0-alpha.4
Has fix
GoPublished 31 May 2026
Affects github.com/go-git/go-git/v5/plumbing/format/packfile | Versions <5.19.1
Has fix
GoPublished 31 May 2026
Affects github.com/go-git/go-git/v6/plumbing/format/packfile | Versions <6.0.0-alpha.4
Has fix
GoPublished 31 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-46599
Affects github.com/golang/image/tiff | Versions <0.41.0
Has fix
GoPublished 31 May 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-44544
Affects github.com/gittuf/gittuf/internal/policy | Versions <0.14.0
Has fix
GoPublished 29 May 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-44544
Affects github.com/gittuf/gittuf/experimental/gittuf | Versions <0.14.0
Has fix
GoPublished 29 May 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-44544
Affects github.com/gittuf/gittuf/internal/cmd/policy | Versions <0.14.0
Has fix
GoPublished 29 May 2026
- M
Missing Origin Validation in WebSocketsCVE-2026-44514
Affects github.com/kubetail-org/kubetail/modules/dashboard | Versions <0.14.0
Has fix
GoPublished 29 May 2026
- M
Missing Origin Validation in WebSocketsCVE-2026-44514
Affects github.com/kubetail-org/kubetail/modules/cli | Versions <0.16.0
Has fix
GoPublished 29 May 2026
- H
Command InjectionCVE-2026-45152
Affects gitlab.com/uniget-org/cli/pkg/security | Versions <0.27.1
Has fix
GoPublished 29 May 2026
- H
Command InjectionCVE-2026-45152
Affects gitlab.com/uniget-org/cli/cmd/uniget | Versions <0.27.1
Has fix
GoPublished 29 May 2026