See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
Affects backupgenuine-updated | Versions *
No fix available
npmPublished 2 Jun 2026
- C
Cross-site Scripting (XSS)CVE-2026-47428
Affects vitest | Versions >=4.0.17 <4.1.6>=5.0.0-beta.1 <5.0.0-beta.3
Has fix
npmPublished 2 Jun 2026
- C
Cross-site Scripting (XSS)CVE-2026-47428
Affects @vitest/browser | Versions >=4.0.17 <4.1.6>=5.0.0-beta.1 <5.0.0-beta.3
Has fix
npmPublished 2 Jun 2026
- C
Missing AuthorizationCVE-2026-47429
Affects @vitest/ui | Versions <3.2.5>=4.0.0-beta.1 <4.1.0-beta.3
Has fix
npmPublished 2 Jun 2026
- C
Missing AuthorizationCVE-2026-47429
Affects @vitest/browser | Versions <3.2.5>=4.0.0-beta.1 <4.1.0-beta.3
Has fix
npmPublished 2 Jun 2026
- C
Missing AuthorizationCVE-2026-47429
Affects vitest | Versions <3.2.5>=4.0.0-beta.1 <4.1.0-beta.3
Has fix
npmPublished 2 Jun 2026
- M
Cross-site Scripting (XSS)CVE-2026-47423
Affects dompurify | Versions >=3.4.4 <3.4.5
Has fix
npmPublished 2 Jun 2026