See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- M
Interpretation ConflictCVE-2026-53655
Affects tar | Versions <7.5.16
Has fix
npmPublished 16 Jun 2026
Affects @langchain/langgraph-checkpoint-mongodb | Versions <1.3.1
Has fix
npmPublished 15 Jun 2026
- H
Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2026-53831
Affects openclaw | Versions <2026.5.18
Has fix
npmPublished 15 Jun 2026
- H
User ImpersonationCVE-2026-53823
Affects openclaw | Versions <2026.5.3
Has fix
npmPublished 15 Jun 2026
- H
Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2026-53822
Affects openclaw | Versions <2026.5.18
Has fix
npmPublished 15 Jun 2026
- M
Insufficient Session ExpirationCVE-2026-53830
Affects openclaw | Versions <2026.4.22
Has fix
npmPublished 15 Jun 2026
- M
Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2026-53838
Affects openclaw | Versions <2026.5.27
Has fix
npmPublished 15 Jun 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-53827
Affects openclaw | Versions <2026.5.2
Has fix
npmPublished 15 Jun 2026
Affects openclaw | Versions <2026.5.18
Has fix
npmPublished 15 Jun 2026
- M
Missing AuthorizationCVE-2026-53820
Affects openclaw | Versions <2026.5.12
Has fix
npmPublished 15 Jun 2026
- M
Cross-site Scripting (XSS)CVE-2026-45014
Affects apostrophe | Versions <4.30.0
Has fix
npmPublished 15 Jun 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-53607
Affects apostrophe | Versions <4.31.0
Has fix
npmPublished 15 Jun 2026
- M
Cross-site Scripting (XSS)CVE-2026-53608
Affects @apostrophecms/seo | Versions <1.5.0
Has fix
npmPublished 15 Jun 2026
- H
Prototype PollutionCVE-2026-53609
Affects apostrophe | Versions <4.31.0
Has fix
npmPublished 15 Jun 2026
- M
Prototype PollutionCVE-2026-12208
Affects jsonata | Versions <2.2.1
Has fix
npmPublished 15 Jun 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-53726
Affects parse-server | Versions <8.6.80>=9.0.0-alpha.1 <9.9.1-alpha.6
Has fix
npmPublished 15 Jun 2026
- M
Cross-site Scripting (XSS)CVE-2026-47376
Affects nocodb | Versions <0.301.3
Has fix
npmPublished 15 Jun 2026
Affects parse-server | Versions >=9.8.0-alpha.9 <9.9.1-alpha.5
Has fix
npmPublished 15 Jun 2026
- M
Cross-site Scripting (XSS)CVE-2026-53724
Affects parse-server | Versions <8.6.79>=9.0.0-alpha.1 <9.9.1-alpha.4
Has fix
npmPublished 15 Jun 2026
- M
Incorrect AuthorizationCVE-2026-50008
Affects parse-server | Versions >=9.8.0-alpha.1 <9.9.1-alpha.3
Has fix
npmPublished 15 Jun 2026
- M
Access Control BypassCVE-2026-47279
Affects nocodb | Versions <0.301.3
Has fix
npmPublished 14 Jun 2026
- M
Directory TraversalCVE-2026-47385
Affects nocodb | Versions <0.301.3
Has fix
npmPublished 14 Jun 2026
- M
Authorization Bypass Through User-Controlled KeyCVE-2026-47378
Affects nocodb | Versions <0.301.3
Has fix
npmPublished 14 Jun 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-47382
Affects nocodb | Versions <0.301.3
Has fix
npmPublished 14 Jun 2026
- L
Authorization Bypass Through User-Controlled KeyCVE-2026-47388
Affects nocodb | Versions <0.301.3
Has fix
npmPublished 14 Jun 2026
- M
User ImpersonationCVE-2026-47381
Affects nocodb | Versions <0.301.3
Has fix
npmPublished 14 Jun 2026