HIGH
babel
CVE published 2026-05-26
CVE-2026-44728
Babel, a widely-used JavaScript compiler, contains a code injection vulnerability in versions 7.12.0 through 7.29.3 and 8.0.0-alpha.0 through 8.0.0-alpha.12. When processing attacker-crafted source code, Babel can generate output that executes arbitrary code during compilation. This represents a supply chain risk where malicious input to a build pipeline could compromise the build environment or downstrea [truncated]