Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/electron@4.0.8
Typenpm
Namespace
Nameelectron
Version4.0.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.4.0
Latest_non_vulnerable_version42.0.0-alpha.5
Affected_by_vulnerabilities
0
url VCID-c9ut-fk1h-gfe4
vulnerability_id VCID-c9ut-fk1h-gfe4
summary 
Trust Boundary Violation
In Electron, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using `contextIsolation` are affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15096
reference_id
reference_type
scores
0
value 0.0042
scoring_system epss
scoring_elements 0.62253
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15096
1
reference_url https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg
2
reference_url https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15096
reference_id CVE-2020-15096
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15096
fixed_packages
0
url pkg:npm/electron@6.1.1
purl pkg:npm/electron@6.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p3vt-avbt-kyed
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@6.1.1
1
url pkg:npm/electron@6.1.11
purl pkg:npm/electron@6.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p3vt-avbt-kyed
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@6.1.11
2
url pkg:npm/electron@7.2.4
purl pkg:npm/electron@7.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p3vt-avbt-kyed
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@7.2.4
3
url pkg:npm/electron@8.2.4
purl pkg:npm/electron@8.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nm8y-5g5d-quaf
1
vulnerability VCID-p3vt-avbt-kyed
2
vulnerability VCID-xngs-29hg-7kh9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@8.2.4
4
url pkg:npm/electron@9.0.1
purl pkg:npm/electron@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nm8y-5g5d-quaf
1
vulnerability VCID-p3vt-avbt-kyed
2
vulnerability VCID-xngs-29hg-7kh9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@9.0.1
aliases CVE-2020-15096, GHSA-6vrv-94jv-crrg
risk_score 3.0
exploitability 0.5
weighted_severity 6.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ut-fk1h-gfe4
1
url VCID-p3vt-avbt-kyed
vulnerability_id VCID-p3vt-avbt-kyed
summary 
IPC messages delivered to the wrong frame in Electron
IPC messages sent from the main process to a subframe in the renderer process, through `webContents.sendToFrame`, `event.reply` or when using the `remote` module, can in some cases be delivered to the wrong frame.

If your app does ANY of the following, then it is impacted by this issue:
- Uses `remote`
- Calls `webContents.sendToFrame`
- Calls `event.reply` in an IPC message handler
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26272
reference_id
reference_type
scores
0
value 0.00965
scoring_system epss
scoring_elements 0.76899
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26272
1
reference_url https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c
2
reference_url https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208
3
reference_url https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2
4
reference_url https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc
5
reference_url https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd
6
reference_url https://github.com/electron/electron/pull/26875
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/26875
7
reference_url https://github.com/electron/electron/releases/tag/v9.4.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v9.4.0
8
reference_url https://www.electronjs.org/releases/stable?version=9#9.4.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.electronjs.org/releases/stable?version=9#9.4.0
9
reference_url https://security.archlinux.org/AVG-1503
reference_id AVG-1503
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1503
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26272
reference_id CVE-2020-26272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26272
11
reference_url https://github.com/advisories/GHSA-hvf8-h2qh-37m9
reference_id GHSA-hvf8-h2qh-37m9
reference_type
scores
url https://github.com/advisories/GHSA-hvf8-h2qh-37m9
12
reference_url https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9
reference_id GHSA-hvf8-h2qh-37m9
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9
fixed_packages
0
url pkg:npm/electron@9.4.0
purl pkg:npm/electron@9.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@9.4.0
1
url pkg:npm/electron@10.2.0
purl pkg:npm/electron@10.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@10.2.0
2
url pkg:npm/electron@11.1.0
purl pkg:npm/electron@11.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@11.1.0
aliases CVE-2020-26272, GHSA-hvf8-h2qh-37m9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p3vt-avbt-kyed
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/electron@4.0.8