See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
Affects swagger-express-routes | Versions *
No fix available
npmPublished 11 Jun 2026
Affects rate-limit-flexible | Versions *
No fix available
npmPublished 11 Jun 2026
Affects tailwindcss-animates-kit | Versions *
No fix available
npmPublished 11 Jun 2026
Affects rate-limits-flexible | Versions *
No fix available
npmPublished 11 Jun 2026
Affects tailwindcss-animotion | Versions *
No fix available
npmPublished 11 Jun 2026
- H
Command InjectionCVE-2026-11417
Affects aws-cdk-lib | Versions <2.246.0
Has fix
npmPublished 11 Jun 2026
- H
Infinite loopCVE-2025-71330
Affects image-size | Versions *
No fix available
npmPublished 11 Jun 2026
- H
Infinite loopCVE-2025-71329
Affects image-size | Versions *
No fix available
npmPublished 11 Jun 2026
- H
Improper Resource Shutdown or ReleaseCVE-2026-47213
Affects @boxlite-ai/boxlite | Versions *
No fix available
npmPublished 11 Jun 2026
- M
Arbitrary Argument InjectionCVE-2026-47250
Affects mcp-server-kubernetes | Versions <3.7.0
Has fix
npmPublished 11 Jun 2026
Affects polymarket-clob-api | Versions *
No fix available
npmPublished 11 Jun 2026
Affects tailwind-dark-mode-kit | Versions *
No fix available
npmPublished 11 Jun 2026
Affects paypal-payouts-bridge | Versions *
No fix available
npmPublished 11 Jun 2026
Affects google-cloud-secret-manager-config-poc | Versions *
No fix available
npmPublished 11 Jun 2026
Affects @easytipsportal/pos-adapters | Versions *
No fix available
npmPublished 10 Jun 2026