Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/electron@8.0.0-beta.0
Typenpm
Namespace
Nameelectron
Version8.0.0-beta.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version35.7.5
Latest_non_vulnerable_version42.0.0-alpha.5
Affected_by_vulnerabilities
0
url VCID-6pvc-cdyz-gkcv
vulnerability_id VCID-6pvc-cdyz-gkcv
summary 
Unpreventable top-level navigation
### Impact
The `will-navigate` event that apps use to prevent navigations to unexpected destinations [as per our security recommendations](https://www.electronjs.org/docs/tutorial/security) can be bypassed when a sub-frame performs a top-frame navigation across sites.

### Patches

* `11.0.0-beta.1`
* `10.0.1`
* `9.3.0`
* `8.5.1`

### Workarounds
Sandbox all your iframes using the [`sandbox` attribute](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox).  This will prevent them creating top-frame navigations and is good practice anyway.

### For more information
If you have any questions or comments about this advisory:

* Email us at security@electronjs.org
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15174
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.5291
published_at 2026-04-21T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.52823
published_at 2026-04-02T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.5285
published_at 2026-04-04T12:55:00Z
3
value 0.00296
scoring_system epss
scoring_elements 0.52818
published_at 2026-04-07T12:55:00Z
4
value 0.00296
scoring_system epss
scoring_elements 0.52869
published_at 2026-04-08T12:55:00Z
5
value 0.00296
scoring_system epss
scoring_elements 0.52864
published_at 2026-04-09T12:55:00Z
6
value 0.00296
scoring_system epss
scoring_elements 0.52914
published_at 2026-04-11T12:55:00Z
7
value 0.00296
scoring_system epss
scoring_elements 0.52898
published_at 2026-04-12T12:55:00Z
8
value 0.00296
scoring_system epss
scoring_elements 0.52882
published_at 2026-04-13T12:55:00Z
9
value 0.00296
scoring_system epss
scoring_elements 0.5292
published_at 2026-04-16T12:55:00Z
10
value 0.00296
scoring_system epss
scoring_elements 0.52927
published_at 2026-04-18T12:55:00Z
11
value 0.00296
scoring_system epss
scoring_elements 0.528
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15174
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15174
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15174
5
reference_url https://github.com/advisories/GHSA-2q4g-w47c-4674
reference_id GHSA-2q4g-w47c-4674
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2q4g-w47c-4674
fixed_packages
0
url pkg:npm/electron@8.5.1
purl pkg:npm/electron@8.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-j7d6-zp3s-67fq
6
vulnerability VCID-nx5d-r4jc-77df
7
vulnerability VCID-p167-yf3n-6qd5
8
vulnerability VCID-qd4u-smpr-auc1
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@8.5.1
1
url pkg:npm/electron@9.3.0
purl pkg:npm/electron@9.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-j7d6-zp3s-67fq
6
vulnerability VCID-nx5d-r4jc-77df
7
vulnerability VCID-p167-yf3n-6qd5
8
vulnerability VCID-qd4u-smpr-auc1
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@9.3.0
2
url pkg:npm/electron@10.0.1
purl pkg:npm/electron@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-j7d6-zp3s-67fq
6
vulnerability VCID-nx5d-r4jc-77df
7
vulnerability VCID-p167-yf3n-6qd5
8
vulnerability VCID-qd4u-smpr-auc1
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@10.0.1
aliases CVE-2020-15174, GHSA-2q4g-w47c-4674
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pvc-cdyz-gkcv
1
url VCID-qd4u-smpr-auc1
vulnerability_id VCID-qd4u-smpr-auc1
summary 
Context isolation bypass in Electron
### Impact
Apps using both `contextIsolation` and `sandbox: true` are affected.
Apps using both `contextIsolation` and `nativeWindowOpen: true` are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

### Workarounds
There are no app-side workarounds, you must update your Electron version to be protected.

### Fixed Versions
* `11.0.0-beta.6`
* `10.1.2`
* `9.3.1`
* `8.5.2`

### For more information
If you have any questions or comments about this advisory:
* Email us at [security@electronjs.org](mailto:security@electronjs.org)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15215
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51599
published_at 2026-04-21T12:55:00Z
1
value 0.00282
scoring_system epss
scoring_elements 0.5156
published_at 2026-04-09T12:55:00Z
2
value 0.00282
scoring_system epss
scoring_elements 0.51604
published_at 2026-04-11T12:55:00Z
3
value 0.00282
scoring_system epss
scoring_elements 0.51582
published_at 2026-04-12T12:55:00Z
4
value 0.00282
scoring_system epss
scoring_elements 0.51571
published_at 2026-04-13T12:55:00Z
5
value 0.00282
scoring_system epss
scoring_elements 0.51613
published_at 2026-04-16T12:55:00Z
6
value 0.00282
scoring_system epss
scoring_elements 0.51621
published_at 2026-04-18T12:55:00Z
7
value 0.00282
scoring_system epss
scoring_elements 0.51472
published_at 2026-04-01T12:55:00Z
8
value 0.00282
scoring_system epss
scoring_elements 0.51522
published_at 2026-04-02T12:55:00Z
9
value 0.00282
scoring_system epss
scoring_elements 0.51549
published_at 2026-04-04T12:55:00Z
10
value 0.00282
scoring_system epss
scoring_elements 0.51509
published_at 2026-04-07T12:55:00Z
11
value 0.00282
scoring_system epss
scoring_elements 0.51563
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15215
1
reference_url https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15215
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15215
3
reference_url https://github.com/advisories/GHSA-56pc-6jqp-xqj8
reference_id GHSA-56pc-6jqp-xqj8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56pc-6jqp-xqj8
fixed_packages
0
url pkg:npm/electron@8.5.2
purl pkg:npm/electron@8.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-j7d6-zp3s-67fq
6
vulnerability VCID-nx5d-r4jc-77df
7
vulnerability VCID-p167-yf3n-6qd5
8
vulnerability VCID-qd52-rbd7-qkbn
9
vulnerability VCID-w7f7-5frp-n3br
10
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@8.5.2
1
url pkg:npm/electron@9.3.1
purl pkg:npm/electron@9.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-j7d6-zp3s-67fq
6
vulnerability VCID-nx5d-r4jc-77df
7
vulnerability VCID-p167-yf3n-6qd5
8
vulnerability VCID-qd52-rbd7-qkbn
9
vulnerability VCID-w7f7-5frp-n3br
10
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@9.3.1
2
url pkg:npm/electron@10.1.2
purl pkg:npm/electron@10.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1x44-uf31-1ydv
1
vulnerability VCID-7eu1-94qk-nuar
2
vulnerability VCID-a795-r67e-p3ck
3
vulnerability VCID-a84t-cjcb-tqcw
4
vulnerability VCID-cxz5-nf3y-zufn
5
vulnerability VCID-f81v-9fv8-93cd
6
vulnerability VCID-j7d6-zp3s-67fq
7
vulnerability VCID-nx5d-r4jc-77df
8
vulnerability VCID-p167-yf3n-6qd5
9
vulnerability VCID-qd52-rbd7-qkbn
10
vulnerability VCID-w7f7-5frp-n3br
11
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@10.1.2
3
url pkg:npm/electron@11.0.0-beta.6
purl pkg:npm/electron@11.0.0-beta.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-a84t-cjcb-tqcw
3
vulnerability VCID-cxz5-nf3y-zufn
4
vulnerability VCID-f81v-9fv8-93cd
5
vulnerability VCID-j7d6-zp3s-67fq
6
vulnerability VCID-nx5d-r4jc-77df
7
vulnerability VCID-p167-yf3n-6qd5
8
vulnerability VCID-qd52-rbd7-qkbn
9
vulnerability VCID-w7f7-5frp-n3br
10
vulnerability VCID-xys1-xe1s-jqha
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@11.0.0-beta.6
aliases CVE-2020-15215, GHSA-56pc-6jqp-xqj8
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qd4u-smpr-auc1
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/electron@8.0.0-beta.0