34 matches found
CVE-2026-44728
CVE-2026-44728 affects Babel, a JavaScript compiler. Vulnerability occurs when compiling code that is specifically crafted by an attacker, enabling output code to execute arbitrary code. Affects Babel versions 7.12.0 through before 7.29.4 and 8.0.0-alpha.13. Root cause is the generation of advers...
CVE-2026-44728 Improper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjs
Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and...
@antv/xflow (>=2.0.1 <=2.2.4), @antv/xflow-diff (=1.0.0) +63 more potentially affected by unknown CVE via @antv/x6-plugin-transform (>=2.1.7 <=2.1.8)
@antv/x6-plugin-transform NPM version =2.1.7, =2.0.1, =0.0.1, =0.0.2, =0.0.4, =0.0.3, =2.0.4, =0.0.27, =0.0.3, =0.0.2, =0.0.64 - @rxdrag/uml-editor =0.6.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4111...
@2kk/miniprogram-ci (>=0.0.2 <=0.0.8), @agilejs/cli (=1.0.0) +327 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (>=7.12.1 <=7.29.0)
@babel/plugin-transform-modules-systemjs NPM version =7.12.1, =0.0.2, =1.0.0, =7.21.4-esm.2, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.74, =1.0.0, =1.1.5 and more Source cves: CVE-2026-44728 Source advisory: SNYK:JS-BABELPLUGINTRANSFORMMODULESSYSTEMJS-16624576...
EUVD-2025-112738
Malicious code in html-webpack-plugin-transform-google-transport npm...
EUVD-2025-113864
Malicious code in eslint-plugin-transform-semantic-ui-yakutsk npm...
Malicious code in babel-plugin-transform-vuex-analysis (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 661cbd3eaaae7ee5bb113192279e6ba2e72c5c5363fe668209893a70debd3248 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10695 Malicious code in babel-plugin-transform-vuex-analysis (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 661cbd3eaaae7ee5bb113192279e6ba2e72c5c5363fe668209893a70debd3248 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9771 Malicious code in plugin-transform-unicode-sets-regex (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-optional-chaining (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-object-rest-spread (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9765 Malicious code in plugin-transform-numeric-separator (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-numeric-separator (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-logical-assignment-operators (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-export-namespace-from (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9762 Malicious code in plugin-transform-dynamic-import (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9761 Malicious code in plugin-transform-class-static-block (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-class-static-block (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-dynamic-import (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in plugin-transform-async-generator-functions (npm)
--- -= Per source details. Do not edit below this line.=-...