Lucene search
K

1159 matches found

CVE
CVE
added 2026/05/12 9:37 p.m.42 views

CVE-2026-44301

Hugo (static site generator) versions 0.43 through 0.160.x are vulnerable when building a site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS). The vulnerability arises because Hugo invoked the configured Node tools without restrictions on file system access, potentially allowi...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 8:34 p.m.36 views

@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input

Impact Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known affected plugins are: - @babel/plugin-transform-modules-systemjs - @babel/preset-env when using the modules: "systemjs" option, as it delegat...

8.2CVSS5.9AI score0.00125EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/08 8:34 p.m.8 views

@2kk/miniprogram-ci (>=0.0.2 <=0.0.8), @agilejs/cli (=1.0.0) +326 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (>=7.12.1 <=7.29.0)

@babel/plugin-transform-modules-systemjs NPM version =7.12.1, =0.0.2, =1.0.0, =7.21.4-esm.2, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.74, =1.0.0, =1.1.5 and more Source cves: CVE-2026-44728 Source advisory: OSV:GHSA-FV7C-FP4J-7GWP...

8.2CVSS5.7AI score0.00125EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/08 8:34 p.m.7 views

@babel/preset-env (>=8.0.0-alpha.0 <=8.0.0-rc.6), @neetly/babel-preset (>=1.0.0-alpha.1 <=1.0.0-alpha.16) +2 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (=8.0.0-rc.6)

@babel/plugin-transform-modules-systemjs NPM version =8.0.0-rc.6 is affected by a known vulnerability. The following packages have a transitive dependency on @babel/plugin-transform-modules-systemjs and may be impacted: - @babel/preset-env =8.0.0-alpha.0, =1.0.0-alpha.1, =1.0.0-alpha.14,...

8.2CVSS5.4AI score0.00125EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/08 8:34 p.m.7 views

@2kk/miniprogram-ci (>=0.0.2 <=0.0.8), @agilejs/cli (=1.0.0) +326 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (>=7.12.1 <=7.29.0)

@babel/plugin-transform-modules-systemjs NPM version =7.12.1, =0.0.2, =1.0.0, =7.21.4-esm.2, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.74, =1.0.0, =1.1.5 and more Source cves: CVE-2026-44728 Source advisory: SNYK:JS-BABELPLUGINTRANSFORMMODULESSYSTEMJS-16624576...

8.2CVSS5.7AI score0.00125EPSS
Exploits0
OSV
OSV
added 2026/05/08 8:34 p.m.10 views

GHSA-FV7C-FP4J-7GWP @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input

Impact Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known affected plugins are: - @babel/plugin-transform-modules-systemjs - @babel/preset-env when using the modules: "systemjs" option, as it delegat...

8.2CVSS5.9AI score0.00125EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/08 8:34 p.m.23 views

Type Confusion

Overview Affected versions of this package are vulnerable to Type Confusion in code compilation. An attacker can execute arbitrary code by providing malicious input. Notes: This is only exploitable if the system compiles untrusted or attacker-controlled code. Workaround This vulnerability can be...

8.2CVSS6.2AI score0.00125EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-39295

Name of the Vulnerable Software and Affected Versions Babel versions 7.12.0 through 7.29.3 Babel versions 8.0.0-alpha.1 through 8.0.0-alpha.12 Description Compiling code specifically crafted by an attacker can cause the generation of output code that executes arbitrary code. This issue affects th...

8.2CVSS6AI score0.00125EPSS
Exploits0References11
Snyk
Snyk
added 2026/05/06 8:59 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the execution of Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS. An attacker can gain unauthorized access to files outside the intended project directory by executing code through these tools wh...

8.6CVSS6.3AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2026/05/02 1:17 a.m.7 views

CLSA-2026-1777451880 babel: Fix of CVE-2021-42771

CVE-2021-42771: fix directory traversal in Locale.exists/load...

7.8CVSS7.1AI score0.00716EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/14 11:37 a.m.5 views

Malicious Package

Overview babel-plugin-blocks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/04/13 3:25 p.m.5 views

MAL-2026-2598 Malicious code in babel-plugin-fbtee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82da31ad0bc5f3d25505f208dd3be88eaff3e4054e429cbdc7601dc5e3a3d42d The package babel-plugin-fbtee was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 3:25 p.m.6 views

Malicious code in babel-plugin-fbtee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82da31ad0bc5f3d25505f208dd3be88eaff3e4054e429cbdc7601dc5e3a3d42d The package babel-plugin-fbtee was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/04/13 3:25 p.m.7 views

Malicious Package

Overview babel-plugin-fbtee is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/13 6:13 a.m.11 views

Malicious code in babel-plugin-blocks (npm)

Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679960b444e4781d7276df8692808a4bc4507d29aefe943ffe4d3dfb35dcc141 The...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/04/13 6:13 a.m.5 views

MAL-2026-2631 Malicious code in babel-plugin-blocks (npm)

Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679960b444e4781d7276df8692808a4bc4507d29aefe943ffe4d3dfb35dcc141 The...

5.7AI score
Exploits0References2
Redos
Redos
added 2026/03/27 12:0 a.m.6 views

ROS-20260327-73-0009

Vulnerability in openbabel related to an operation exceeding buffer boundaries in memory. The vulnerability can be exploited remotely...

8.1CVSS6AI score0.007EPSS
Exploits1
OSV
OSV
added 2026/03/22 5:43 p.m.6 views

MAL-2026-2067 Malicious code in babel-plugin-react-pure-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b646bc72d4de0e51f408bf6b7ae00d339ea8935a44b9bd71301a76337cc9b8d2 The package babel-plugin-react-pure-component was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 5:43 p.m.11 views

Malicious code in babel-plugin-react-pure-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b646bc72d4de0e51f408bf6b7ae00d339ea8935a44b9bd71301a76337cc9b8d2 The package babel-plugin-react-pure-component was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
Snyk
Snyk
added 2026/03/19 11:0 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder