ROOT-APP-NPM-CVE-2026-44728 CVE-2026-44728 in @rootio/babel__plugin-transform-modules-systemjs - Patched by Root

Root has patched CVE-2026-44728 in the @rootio/babelplugin-transform-modules-systemjs package for Root:npm. Multiple fixed versions available...

Linux Distros Unpatched Vulnerability : CVE-2026-44728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically...

CVE-2026-44728

creationtimestamp| type| source ---|---|--- 2026-05-26 19:33:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmrqc64tq32e 2026-05-28 01:37:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mmuv42kalp2o...

CVE-2026-44728 Improper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjs

Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and...

@2kk/miniprogram-ci (>=0.0.2 <=0.0.8), @agilejs/cli (=1.0.0) +327 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (>=7.12.1 <=7.29.0)

@babel/plugin-transform-modules-systemjs NPM version =7.12.1, =0.0.2, =1.0.0, =7.21.4-esm.2, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.74, =1.0.0, =1.1.5 and more Source cves: CVE-2026-44728 Source advisory: SNYK:JS-BABELPLUGINTRANSFORMMODULESSYSTEMJS-16624576...

@2kk/miniprogram-ci (>=0.0.2 <=0.0.8), @agilejs/cli (=1.0.0) +327 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (>=7.12.1 <=7.29.0)

@babel/plugin-transform-modules-systemjs NPM version =7.12.1, =0.0.2, =1.0.0, =7.21.4-esm.2, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.74, =1.0.0, =1.1.5 and more Source cves: CVE-2026-44728 Source advisory: OSV:GHSA-FV7C-FP4J-7GWP...

@babel/preset-env (>=8.0.0-alpha.0 <=8.0.0-rc.4), @neetly/babel-preset (>=1.0.0-alpha.1 <=1.0.0-alpha.16) +1 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (=8.0.0-rc.4)

@babel/plugin-transform-modules-systemjs NPM version =8.0.0-rc.4 is affected by a known vulnerability. The following packages have a transitive dependency on @babel/plugin-transform-modules-systemjs and may be impacted: - @babel/preset-env =8.0.0-alpha.0, =1.0.0-alpha.1, =1.0.0-alpha.14,...

EUVD-2025-44728

Malicious code in vera-lupis29-sukiwir npm...

CVE-2024-44728

creationtimestamp| type| source ---|---|--- 2024-09-05 19:43:05+00:00| seen| https://t.me/cvedetector/4932...