1159 matches found
CVE-2026-44301
Hugo (static site generator) versions 0.43 through 0.160.x are vulnerable when building a site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS). The vulnerability arises because Hugo invoked the configured Node tools without restrictions on file system access, potentially allowi...
@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input
Impact Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known affected plugins are: - @babel/plugin-transform-modules-systemjs - @babel/preset-env when using the modules: "systemjs" option, as it delegat...
@2kk/miniprogram-ci (>=0.0.2 <=0.0.8), @agilejs/cli (=1.0.0) +326 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (>=7.12.1 <=7.29.0)
@babel/plugin-transform-modules-systemjs NPM version =7.12.1, =0.0.2, =1.0.0, =7.21.4-esm.2, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.74, =1.0.0, =1.1.5 and more Source cves: CVE-2026-44728 Source advisory: OSV:GHSA-FV7C-FP4J-7GWP...
@babel/preset-env (>=8.0.0-alpha.0 <=8.0.0-rc.6), @neetly/babel-preset (>=1.0.0-alpha.1 <=1.0.0-alpha.16) +2 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (=8.0.0-rc.6)
@babel/plugin-transform-modules-systemjs NPM version =8.0.0-rc.6 is affected by a known vulnerability. The following packages have a transitive dependency on @babel/plugin-transform-modules-systemjs and may be impacted: - @babel/preset-env =8.0.0-alpha.0, =1.0.0-alpha.1, =1.0.0-alpha.14,...
@2kk/miniprogram-ci (>=0.0.2 <=0.0.8), @agilejs/cli (=1.0.0) +326 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (>=7.12.1 <=7.29.0)
@babel/plugin-transform-modules-systemjs NPM version =7.12.1, =0.0.2, =1.0.0, =7.21.4-esm.2, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.74, =1.0.0, =1.1.5 and more Source cves: CVE-2026-44728 Source advisory: SNYK:JS-BABELPLUGINTRANSFORMMODULESSYSTEMJS-16624576...
GHSA-FV7C-FP4J-7GWP @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input
Impact Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known affected plugins are: - @babel/plugin-transform-modules-systemjs - @babel/preset-env when using the modules: "systemjs" option, as it delegat...
Type Confusion
Overview Affected versions of this package are vulnerable to Type Confusion in code compilation. An attacker can execute arbitrary code by providing malicious input. Notes: This is only exploitable if the system compiles untrusted or attacker-controlled code. Workaround This vulnerability can be...
PT-2026-39295
Name of the Vulnerable Software and Affected Versions Babel versions 7.12.0 through 7.29.3 Babel versions 8.0.0-alpha.1 through 8.0.0-alpha.12 Description Compiling code specifically crafted by an attacker can cause the generation of output code that executes arbitrary code. This issue affects th...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the execution of Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS. An attacker can gain unauthorized access to files outside the intended project directory by executing code through these tools wh...
CLSA-2026-1777451880 babel: Fix of CVE-2021-42771
CVE-2021-42771: fix directory traversal in Locale.exists/load...
Malicious Package
Overview babel-plugin-blocks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2598 Malicious code in babel-plugin-fbtee (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82da31ad0bc5f3d25505f208dd3be88eaff3e4054e429cbdc7601dc5e3a3d42d The package babel-plugin-fbtee was found to contain malicious code. Source: ghsa-malware...
Malicious code in babel-plugin-fbtee (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82da31ad0bc5f3d25505f208dd3be88eaff3e4054e429cbdc7601dc5e3a3d42d The package babel-plugin-fbtee was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview babel-plugin-fbtee is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in babel-plugin-blocks (npm)
Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679960b444e4781d7276df8692808a4bc4507d29aefe943ffe4d3dfb35dcc141 The...
MAL-2026-2631 Malicious code in babel-plugin-blocks (npm)
Malicious package due to data exfiltration via test, preinstall, and preupdate scripts in package.json using wget to send data to webhook.site. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 679960b444e4781d7276df8692808a4bc4507d29aefe943ffe4d3dfb35dcc141 The...
ROS-20260327-73-0009
Vulnerability in openbabel related to an operation exceeding buffer boundaries in memory. The vulnerability can be exploited remotely...
MAL-2026-2067 Malicious code in babel-plugin-react-pure-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b646bc72d4de0e51f408bf6b7ae00d339ea8935a44b9bd71301a76337cc9b8d2 The package babel-plugin-react-pure-component was found to contain malicious code. Source: ghsa-malware...
Malicious code in babel-plugin-react-pure-component (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b646bc72d4de0e51f408bf6b7ae00d339ea8935a44b9bd71301a76337cc9b8d2 The package babel-plugin-react-pure-component was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...