Tags: javascript, node.js, npm, babeljs

GitHub Dependabot Alerts - Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code


I am getting this alert as Critical in my GitHub repository's Security section, for both my frontend and backend code.

I'm unable to understand what it is. Please explain the flaw.

I upgraded my dependencies and this flaw got solved. However, I want to understand what it means and how critical it is.


Solution

  • This warning is related to a security vulnerability in the Babel compiler.

    The vulnerability is identified as CVE-2023-45133 and has a critical severity rating. The vulnerability can be exploited by an attacker to execute arbitrary code during compilation when using plugins that rely on the path.evaluate() or path.evaluateTruthy() internal Babel methods. The vulnerability affects versions of @babel/traverse prior to 7.23.2 and 8.0.0-alpha.4, as well as all versions of babel-traverse.

    If you want more detail, you can read here:

    https://github.com/advisories/GHSA-67hx-6x53-jw92
    https://nvd.nist.gov/vuln/detail/CVE-2023-45133
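
The answer above names the affected version ranges; the practical question after an upgrade is whether any copy of `@babel/traverse` in the lockfile is still inside them, since Dependabot reads the lockfile and a nested, non-hoisted copy pulled in by an older tool keeps the alert open even after `@babel/core` is current. The script below is an added example, not code from the question, the answer, or the Babel project. It parses a package-lock.json (lockfileVersion 2 or 3, the `packages` map) with only Node built-ins, flags `@babel/traverse` below 7.23.2, 8.0.0-alpha.0 through 8.0.0-alpha.3, and every version of the unscoped `babel-traverse` (Babel 6, which the advisory lists as affected with no fixed release). The `sampleLock` object is constructed for the demo; the version ranges are the ones stated in GHSA-67hx-6x53-jw92.

```javascript
// Added example: scan a package-lock.json for @babel/traverse / babel-traverse
// copies inside the ranges GHSA-67hx-6x53-jw92 (CVE-2023-45133) lists as affected.
// Node built-ins only; no external semver package so it runs offline.

function parseVersion(v) {
  // "7.23.2" -> { main: [7,23,2], pre: null }
  // "8.0.0-alpha.3" -> { main: [8,0,0], pre: ["alpha", 3] }
  const [main, ...preParts] = v.split("+")[0].split("-"); // drop build metadata
  const pre = preParts.length ? preParts.join("-") : null;
  return {
    main: main.split(".").map(Number),
    pre: pre ? pre.split(".").map((p) => (/^\d+$/.test(p) ? Number(p) : p)) : null,
  };
}

// Semver precedence: major.minor.patch numerically, then a prerelease sorts
// before the plain release, and prerelease identifiers compare left to right
// (numeric identifiers numerically and before alphanumeric ones).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.main[i] !== pb.main[i]) return pa.main[i] < pb.main[i] ? -1 : 1;
  }
  if (!pa.pre && !pb.pre) return 0;
  if (!pa.pre) return 1;
  if (!pb.pre) return -1;
  const n = Math.max(pa.pre.length, pb.pre.length);
  for (let i = 0; i < n; i++) {
    if (pa.pre[i] === undefined) return -1; // shorter prerelease sorts first
    if (pb.pre[i] === undefined) return 1;
    if (pa.pre[i] === pb.pre[i]) continue;
    const na = typeof pa.pre[i] === "number", nb = typeof pb.pre[i] === "number";
    if (na && nb) return pa.pre[i] < pb.pre[i] ? -1 : 1;
    if (na) return -1;
    if (nb) return 1;
    return pa.pre[i] < pb.pre[i] ? -1 : 1;
  }
  return 0;
}

// Affected ranges from the advisory:
//   @babel/traverse  < 7.23.2          (7.x line)
//   @babel/traverse  >= 8.0.0-alpha.0 < 8.0.0-alpha.4
//   babel-traverse   all versions (Babel 6, unpatched)
function isVulnerableTraverse(name, version) {
  if (name === "babel-traverse") return true;
  if (name !== "@babel/traverse") return false;
  const major = parseVersion(version).main[0];
  if (major < 8) return compareVersions(version, "7.23.2") < 0;
  if (major === 8) return compareVersions(version, "8.0.0-alpha.4") < 0;
  return false;
}

// Walk the lockfile's "packages" map (lockfileVersion 2/3). Keys look like
// "node_modules/@babel/traverse" or, for a nested copy,
// "node_modules/some-tool/node_modules/@babel/traverse".
function findVulnerableTraverse(lockfile) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (!entry || !entry.version) continue; // the "" root entry and link entries
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue;
    const name = path.slice(idx + "node_modules/".length);
    if (isVulnerableTraverse(name, entry.version)) {
      hits.push({ path, name, version: entry.version });
    }
  }
  return hits;
}

// Constructed lockfile excerpt (not a real project): the hoisted copy is
// patched, but an older tool carries its own nested vulnerable copy and a
// legacy dependency still uses Babel 6's babel-traverse.
const sampleLock = {
  name: "frontend",
  lockfileVersion: 3,
  packages: {
    "": { name: "frontend", version: "1.0.0" },
    "node_modules/@babel/core": { version: "7.23.2" },
    "node_modules/@babel/traverse": { version: "7.23.2" },
    "node_modules/some-old-tool/node_modules/@babel/traverse": { version: "7.22.20" },
    "node_modules/legacy-thing/node_modules/babel-traverse": { version: "6.26.0" },
  },
};

for (const h of findVulnerableTraverse(sampleLock)) {
  console.log(`VULNERABLE ${h.name}@${h.version} at ${h.path}`);
}
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. A hit means the alert is still justified and the nested copy needs to be upgraded (for example with `npm update @babel/traverse` or an `overrides` entry, or by upgrading the tool that pins it); whether it is actually exploitable in your pipeline depends on the condition the advisory states, namely compiling attacker-supplied source with a plugin that calls `path.evaluate()` or `path.evaluateTruthy()`.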