Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and 8.0.0-alpha.13.
References
| Link | Resource |
|---|---|
| https://github.com/babel/babel/security/advisories/GHSA-fv7c-fp4j-7gwp | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
27 May 2026, 18:21
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:babel:babel:8.0.0:alpha5:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha10:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha12:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha9:*:*:*:*:*:* cpe:2.3:a:babel:babel:*:*:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha7:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha0:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha6:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha1:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha8:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha11:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha3:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha2:*:*:*:*:*:* cpe:2.3:a:babel:babel:8.0.0:alpha4:*:*:*:*:*:* |
|
| References | () https://github.com/babel/babel/security/advisories/GHSA-fv7c-fp4j-7gwp - Mitigation, Vendor Advisory | |
| First Time |
Babel
Babel babel |
26 May 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-26 18:16
Updated : 2026-05-27 18:21
NVD link : CVE-2026-44728
Mitre link : CVE-2026-44728
CVE.ORG link : CVE-2026-44728
JSON object : View
Products Affected
babel
- babel