CVE-2026-44728

CVE-2026-44728 affects Babel, a JavaScript compiler. Vulnerability occurs when compiling code that is specifically crafted by an attacker, enabling output code to execute arbitrary code. Affects Babel versions 7.12.0 through before 7.29.4 and 8.0.0-alpha.13. Root cause is the generation of advers...

@2kk/miniprogram-ci (>=0.0.2 <=0.0.8), @agilejs/cli (=1.0.0) +327 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (>=7.12.1 <=7.29.0)

@babel/plugin-transform-modules-systemjs NPM version =7.12.1, =0.0.2, =1.0.0, =7.21.4-esm.2, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.74, =1.0.0, =1.1.5 and more Source cves: CVE-2026-44728 Source advisory: SNYK:JS-BABELPLUGINTRANSFORMMODULESSYSTEMJS-16624576...

Malicious code in babel-plugin-transform-vuex-analysis (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 661cbd3eaaae7ee5bb113192279e6ba2e72c5c5363fe668209893a70debd3248 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10695 Malicious code in babel-plugin-transform-vuex-analysis (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 661cbd3eaaae7ee5bb113192279e6ba2e72c5c5363fe668209893a70debd3248 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Debian DSA-5528-1 : node-babel7 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5528 advisory. - Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile...

CVE-2023-45133

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...

Code injection

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...

CVE-2023-45133 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...

CVE-2023-45133

CVE-2023-45133 affects Babel’s traversal layer. The issue allows arbitrary code execution during compilation when compiling code crafted by an attacker via plugins that rely on path.evaluate() or path.evaluateTruthy(). Affected in: @babel/traverse prior to 7.23.2 and 8.0.0-alpha.4, and all versio...

MAL-2022-1409 Malicious code in babel-plugin-transfvrm-rvntime (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a81b30912fad1ce99bf876e2494d9b453fb18c220c6bb64401b3ef47b177394 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in babelplugintransfomreactremoveproptypes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 118d5e800455cde3fd9da5c424f41242c449f5bdb4665b9f989cffe0d63e215c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in babelpugintransformreactjsx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c5382dcc5be3a730f882330e09a06e62a180f32a8cb289d9f1dcd438ca6e2d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1420 Malicious code in babelllugintransformes2015modulescommonjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85a16e3db18168e71a2eeec8f9190a55ae782642089ef8b41719535a6a434a82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...