8.2 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): Required (R)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
Improper Control of Generation of Code when compiling specifically crafted malicious code with @babel/plugin-transform-modules-systemjs
Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and 8.0.0-alpha.13.
References
- https://github.com/babel/babel/security/advisories/GHSA-fv7c-fp4j-7gwp x_refsource_CONFIRM
Affected products
- ==>= 8.0.0-alpha.0, < 8.0.0-alpha.13
- ==>= 7.12.0, < 7.29.4
Matching in nixpkgs
pkgs.babeld
Loop-avoiding distance-vector routing protocol
pkgs.babeldoc
PDF scientific paper translation and bilingual comparison library
pkgs.gpsbabel
Convert, upload and download data from GPS and Map programs
pkgs.babelfish
Translate bash scripts to fish
pkgs.openbabel
Toolbox designed to speak the many languages of chemical data
- nixos-unstable 3.1.1-unstable-2024-12-21
- nixpkgs-unstable 3.1.1-unstable-2024-12-21
- nixos-unstable-small 3.1.1-unstable-2024-12-21
- nixos-25.11 3.1.1-unstable-2024-12-21
- nixos-25.11-small 3.1.1-unstable-2024-12-21
- nixpkgs-25.11-darwin 3.1.1-unstable-2024-12-21
pkgs.babeltrace
Command-line tool and library to read and convert LTTng tracefiles
pkgs.openbabel3
Toolbox designed to speak the many languages of chemical data
- nixos-unstable 3.1.1-unstable-2024-12-21
- nixpkgs-unstable 3.1.1-unstable-2024-12-21
- nixos-unstable-small 3.1.1-unstable-2024-12-21
- nixos-25.11 3.1.1-unstable-2024-12-21
- nixos-25.11-small 3.1.1-unstable-2024-12-21
- nixpkgs-25.11-darwin 3.1.1-unstable-2024-12-21
pkgs.babeltrace2
Babeltrace /ˈbæbəltreɪs/ is an open-source trace manipulation toolkit
pkgs.gpsbabel-gui
Convert, upload and download data from GPS and Map programs
pkgs.babelstone-han
Unicode CJK font with over 36000 Han characters
pkgs.pkgsRocm.babeldoc
PDF scientific paper translation and bilingual comparison library
pkgs.sbclPackages.babel
None
- nixos-unstable 20260101-git
- nixpkgs-unstable 20260101-git
- nixos-unstable-small 20260101-git
- nixos-25.11 20241012-git
- nixos-25.11-small 20241012-git
- nixpkgs-25.11-darwin 20241012-git
pkgs.ocamlPackages.babel
Library for defining Rpcs that can evolve over time without breaking backward compatibility
pkgs.typstPackages.babel
Redact text by replacing it with random characters
pkgs.python312Packages.babel
Collection of internationalizing tools
pkgs.python313Packages.babel
Collection of internationalizing tools
pkgs.python314Packages.babel
Collection of internationalizing tools
pkgs.python312Packages.nibabel
Access a multitude of neuroimaging data formats
pkgs.python313Packages.nibabel
Access a multitude of neuroimaging data formats
pkgs.python314Packages.nibabel
Access a multitude of neuroimaging data formats
pkgs.typstPackages.babel_0_1_1
Redact text by replacing it with random characters
pkgs.ocamlPackages_latest.babel
Library for defining Rpcs that can evolve over time without breaking backward compatibility
pkgs.python312Packages.babelfish
Module to work with countries and languages
pkgs.python312Packages.babelfont
Python library to load, examine, and save fonts in a variety of formats
pkgs.python312Packages.openbabel
Toolbox designed to speak the many languages of chemical data
- nixos-25.11 3.1.1-unstable-2024-12-21
- nixos-25.11-small 3.1.1-unstable-2024-12-21
- nixpkgs-25.11-darwin 3.1.1-unstable-2024-12-21
pkgs.python313Packages.babelfish
Module to work with countries and languages
pkgs.python313Packages.babelfont
Python library to load, examine, and save fonts in a variety of formats
pkgs.python313Packages.openbabel
Toolbox designed to speak the many languages of chemical data
- nixos-unstable 3.1.1-unstable-2024-12-21
- nixpkgs-unstable 3.1.1-unstable-2024-12-21
- nixos-unstable-small 3.1.1-unstable-2024-12-21
- nixos-25.11 3.1.1-unstable-2024-12-21
- nixos-25.11-small 3.1.1-unstable-2024-12-21
- nixpkgs-25.11-darwin 3.1.1-unstable-2024-12-21
pkgs.python314Packages.babelfish
Module to work with countries and languages
pkgs.python314Packages.openbabel
Toolbox designed to speak the many languages of chemical data
- nixos-unstable 3.1.1-unstable-2024-12-21
- nixpkgs-unstable 3.1.1-unstable-2024-12-21
- nixos-unstable-small 3.1.1-unstable-2024-12-21
pkgs.python312Packages.babeltrace
Command-line tool and library to read and convert LTTng tracefiles
pkgs.python313Packages.babeltrace
Command-line tool and library to read and convert LTTng tracefiles
pkgs.python314Packages.babeltrace
Command-line tool and library to read and convert LTTng tracefiles
pkgs.python312Packages.babeltrace2
Babeltrace /ˈbæbəltreɪs/ is an open-source trace manipulation toolkit
pkgs.python312Packages.flask-babel
Adds i18n/l10n support to Flask applications
pkgs.python312Packages.hatch-babel
Hatch build-hook to compile Babel *.po files to *.mo files at build time
pkgs.python313Packages.babeltrace2
Babeltrace /ˈbæbəltreɪs/ is an open-source trace manipulation toolkit
pkgs.python313Packages.flask-babel
Adds i18n/l10n support to Flask applications
pkgs.python313Packages.hatch-babel
Hatch build-hook to compile Babel *.po files to *.mo files at build time
pkgs.python314Packages.babeltrace2
Babeltrace /ˈbæbəltreɪs/ is an open-source trace manipulation toolkit
pkgs.python314Packages.flask-babel
Adds i18n/l10n support to Flask applications
pkgs.python314Packages.hatch-babel
Hatch build-hook to compile Babel *.po files to *.mo files at build time
pkgs.ocamlPackages.janeStreet.babel
Library for defining Rpcs that can evolve over time without breaking backward compatibility
pkgs.ocamlPackages_latest.janeStreet.babel
Library for defining Rpcs that can evolve over time without breaking backward compatibility
pkgs.python312Packages.babelgladeextractor
Babel Glade XML files translatable strings extractor
pkgs.python313Packages.babelgladeextractor
Babel Glade XML files translatable strings extractor
pkgs.python314Packages.babelgladeextractor
Babel Glade XML files translatable strings extractor
pkgs.perlPackages.LocaleUtilsPlaceholderBabelFish
Locale::Utils::PlaceholderBabelFish - Utils to expand BabelFish placeholders
pkgs.perl5Packages.LocaleUtilsPlaceholderBabelFish
Locale::Utils::PlaceholderBabelFish - Utils to expand BabelFish placeholders
pkgs.perl538Packages.LocaleUtilsPlaceholderBabelFish
Locale::Utils::PlaceholderBabelFish - Utils to expand BabelFish placeholders
pkgs.perl540Packages.LocaleUtilsPlaceholderBabelFish
Locale::Utils::PlaceholderBabelFish - Utils to expand BabelFish placeholders
Package maintainers
- @ryota2357 Ryota Otsuki <contact@ryota2357.com>
- @kevingriffin Kevin Griffin <me@kevin.jp>
- @emilazy Emily <nixpkgs@emily.moe>
- @bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
- @sikmir Nikolay Korotkiy <sikmir@disroot.org>
- @danielbarter Daniel Barter <danielbarter@gmail.com>
- @getchoo Seth Flynn <getchoo@tuta.io>
- @danc86 Dan Callaghan <djc@djc.id.au>
- @matejc Matej Cotman <cotman.matej@gmail.com>
- @7c6f434c Michael Raskin <7c6f434c@mail.ru>
- @timokau Timo Kaufmann <timokau@zoho.com>
- @collares Mauricio Collares <mauricio@collares.org>
- @ashgillman Ashley Gillman <gillmanash@gmail.com>
- @nagy Daniel Nagy <danielnagy@posteo.de>
- @lukego Luke Gorrie <luke@snabb.co>
- @Uthar Kasper Gałkowski <galkowskikasper@gmail.com>
- @hraban Hraban Luyat <hraban@0brg.net>
- @cherrypiejam Gongqi Huang
- @RossSmyth Ross Smyth