See the full list of npm packages affected by the "Mastra Supply Chain Compromise - June 2026" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-35401
Affects saleor | Versions [0,]
Has fix
pipPublished 5 May 2026
- H
Allocation of Resources Without Limits or ThrottlingCVE-2026-33756
Affects saleor | Versions [0,]
Has fix
pipPublished 5 May 2026
- M
Improper Isolation or CompartmentalizationCVE-2026-5600
Affects pretix | Versions [2025.10.0,2026.1.2)[2026.2.0,2026.2.1)[2026.3.0,2026.3.1)
Has fix
pipPublished 5 May 2026
- M
Heap-based Buffer OverflowCVE-2026-42309
Affects pillow | Versions [11.2.1,12.2.0)
Has fix
pipPublished 5 May 2026
- M
Integer Overflow or WraparoundCVE-2026-42308
Affects pillow | Versions [,12.2.0)
Has fix
pipPublished 5 May 2026
- M
Infinite loopCVE-2026-42310
Affects pillow | Versions [4.2.0,12.2.0)
Has fix
pipPublished 5 May 2026
- H
Out-of-bounds WriteCVE-2026-42311
Affects pillow | Versions [10.3.0,12.2.0)
Has fix
pipPublished 5 May 2026
- H
Directory TraversalCVE-2026-40258
Affects gramps-webapi | Versions [1.6.0,3.11.1)
Has fix
pipPublished 4 May 2026
- H
Directory TraversalCVE-2026-40576
Affects excel-mcp-server | Versions [,0.1.8)
Has fix
pipPublished 4 May 2026
- H
Execution with Unnecessary PrivilegesCVE-2026-42088
Affects openc3 | Versions [,7.0.0rc3)
Has fix
pipPublished 4 May 2026
- M
Relative Path TraversalCVE-2026-42085
Affects openc3 | Versions [,6.10.5)[7.0.0rc2, 7.0.0rc3)
Has fix
pipPublished 4 May 2026
- M
Cross-site Scripting (XSS)CVE-2026-42052
Affects beets | Versions [,2.10.0)
Has fix
pipPublished 4 May 2026
- C
SQL InjectionCVE-2026-42087
Affects openc3 | Versions [6.7.0, 7.0.0rc3)
Has fix
pipPublished 4 May 2026
- M
Insufficient Session ExpirationCVE-2026-41519
Affects weblate | Versions [,5.17.1)
Has fix
pipPublished 4 May 2026
- M
Server-side Request Forgery (SSRF)CVE-2026-41654
Affects weblate | Versions [4.14, 5.17.1)
Has fix
pipPublished 4 May 2026
- C
User ImpersonationCVE-2026-42354
Affects sentry | Versions [21.12.0,]
Has fix
pipPublished 4 May 2026
- L
Arbitrary Argument InjectionCVE-2026-7725
Affects prefect | Versions [,3.6.25.dev7)
Has fix
pipPublished 4 May 2026
- M
Time-of-check Time-of-use (TOCTOU) Race ConditionCVE-2026-7724
Affects prefect | Versions [,3.6.28.dev2)
Has fix
pipPublished 4 May 2026
- M
Improper AuthenticationCVE-2026-7722
Affects prefect | Versions [,3.6.22.dev7)
Has fix
pipPublished 4 May 2026
- M
Missing Authentication for Critical FunctionCVE-2026-7723
Affects prefect | Versions [,3.6.14.dev5)
Has fix
pipPublished 4 May 2026
- H
Command InjectionCVE-2026-7246
Affects click | Versions [8.2.0,8.3.3)
Has fix
pipPublished 3 May 2026
- H
Open RedirectCVE-2026-40171
Affects notebook | Versions [7.0.0,7.5.6)
Has fix
pipPublished 3 May 2026
- L
Untrusted Search PathCVE-2026-40947
Affects yubikey-manager | Versions [,5.9.1)
Has fix
pipPublished 1 May 2026
- H
Directory TraversalCVE-2026-6855
Affects instructlab | Versions [0,]
Has fix
pipPublished 30 Apr 2026
- H
Improper Certificate ValidationCVE-2026-41016
Affects apache-airflow-providers-smtp | Versions [2.0.0rc1,3.0.0)
Has fix
pipPublished 30 Apr 2026