34 matches found
CVE-2026-44728 Improper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjs
Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and...
CVE-2026-44728
CVE-2026-44728 affects Babel, a JavaScript compiler. Vulnerability occurs when compiling code that is specifically crafted by an attacker, enabling output code to execute arbitrary code. Affects Babel versions 7.12.0 through before 7.29.4 and 8.0.0-alpha.13. Root cause is the generation of advers...
@antv/xflow (>=2.0.1 <=2.2.4), @antv/xflow-diff (=1.0.0) +64 more potentially affected by unknown CVE via @antv/x6-plugin-transform (>=2.1.7 <=2.1.8)
@antv/x6-plugin-transform NPM version =2.1.7, =2.0.1, =0.0.1, =0.0.2, =0.0.4, =0.0.3, =2.0.4, =0.0.27, =0.0.3, =0.0.2, =0.0.64 - @rxdrag/uml-editor =0.6.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVX6PLUGINTRANSFORM-16754401...
@2kk/miniprogram-ci (>=0.0.2 <=0.0.8), @agilejs/cli (=1.0.0) +328 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (>=7.12.1 <=7.29.0)
@babel/plugin-transform-modules-systemjs NPM version =7.12.1, =0.0.2, =1.0.0, =7.21.4-esm.2, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.74, =1.0.0, =1.1.5 and more Source cves: CVE-2026-44728 Source advisory: SNYK:JS-BABELPLUGINTRANSFORMMODULESSYSTEMJS-16624576...
EUVD-2025-112738
Malicious code in html-webpack-plugin-transform-google-transport npm...
EUVD-2025-113864
Malicious code in eslint-plugin-transform-semantic-ui-yakutsk npm...
Malicious code in babel-plugin-transform-vuex-analysis (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 661cbd3eaaae7ee5bb113192279e6ba2e72c5c5363fe668209893a70debd3248 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10695 Malicious code in babel-plugin-transform-vuex-analysis (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 661cbd3eaaae7ee5bb113192279e6ba2e72c5c5363fe668209893a70debd3248 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9771 Malicious code in plugin-transform-unicode-sets-regex (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-optional-chaining (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-object-rest-spread (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-numeric-separator (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9765 Malicious code in plugin-transform-numeric-separator (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-logical-assignment-operators (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-export-namespace-from (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-dynamic-import (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-class-static-block (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9761 Malicious code in plugin-transform-class-static-block (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9762 Malicious code in plugin-transform-dynamic-import (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-async-generator-functions (npm)
--- -= Per source details. Do not edit below this line.=-...