Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/374129?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/374129?format=api", "purl": "pkg:npm/electron@41.0.3", "type": "npm", "namespace": "", "name": "electron", "version": "41.0.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "41.1.0", "latest_non_vulnerable_version": "42.0.0-alpha.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74712?format=api", "vulnerability_id": "VCID-e2ch-6mpc-ykhz", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release() callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main process, which may lead to a crash or memory corruption. Apps are only affected if they use offscreen rendering with webPreferences.offscreen: { useSharedTexture: true }. Apps that do not enable shared-texture offscreen rendering are not affected. To mitigate this issue, ensure texture.release() is called promptly after the texture has been consumed, before the texture object becomes unreachable. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04869", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04865", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34764" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34764", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455466", "reference_id": "2455466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455466" }, { "reference_url": "https://github.com/advisories/GHSA-8x5q-pvf5-64mp", "reference_id": "GHSA-8x5q-pvf5-64mp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8x5q-pvf5-64mp" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp", "reference_id": "GHSA-8x5q-pvf5-64mp", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:47:38Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374054?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/374055?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34764", "GHSA-8x5q-pvf5-64mp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2ch-6mpc-ykhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75241?format=api", "vulnerability_id": "VCID-k9uz-dsnp-6qev", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open() with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing context group. A renderer could navigate an existing child window that was opened by a different, unrelated renderer if both used the same target name. If that existing child was created with more permissive webPreferences (via setWindowOpenHandler's overrideBrowserWindowOptions), content loaded by the second renderer inherits those permissions. Apps are only affected if they open multiple top-level windows with differing trust levels and use setWindowOpenHandler to grant child windows elevated webPreferences such as a privileged preload script. Apps that do not elevate child window privileges, or that use a single top-level window, are not affected. Apps that additionally grant nodeIntegration: true or sandbox: false to child windows (contrary to the security recommendations) may be exposed to arbitrary code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07627", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0759", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34765" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v39.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v39.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v40.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v40.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v41.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v41.1.0" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456278", "reference_id": "2456278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456278" }, { "reference_url": "https://github.com/advisories/GHSA-f3pv-wv63-48x8", "reference_id": "GHSA-f3pv-wv63-48x8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f3pv-wv63-48x8" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8", "reference_id": "GHSA-f3pv-wv63-48x8", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:10Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374054?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/374055?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34765", "GHSA-f3pv-wv63-48x8" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k9uz-dsnp-6qev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74782?format=api", "vulnerability_id": "VCID-p418-zdbc-tkfx", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process. Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34781", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00314", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00315", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34781" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287" }, { "reference_url": "https://github.com/electron/electron/pull/50475", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/50475" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v39.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v39.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v40.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v40.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v41.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v41.1.0" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456279", "reference_id": "2456279", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456279" }, { "reference_url": "https://github.com/advisories/GHSA-f37v-82c4-4x64", "reference_id": "GHSA-f37v-82c4-4x64", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f37v-82c4-4x64" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64", "reference_id": "GHSA-f37v-82c4-4x64", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:10:12Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374054?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/374055?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34781", "GHSA-f37v-82c4-4x64" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p418-zdbc-tkfx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74765?format=api", "vulnerability_id": "VCID-jk3h-fgjr-kffg", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle() / protocol.registerSchemesAsPrivileged() or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or value. An attacker who can influence a header value may be able to inject additional response headers, affecting cookies, content security policy, or cross-origin access controls. Apps that do not reflect external input into response headers are not affected. This issue has been patched in versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02238", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02234", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34767" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455000", "reference_id": "2455000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455000" }, { "reference_url": "https://github.com/advisories/GHSA-4p4r-m79c-wq3v", "reference_id": "GHSA-4p4r-m79c-wq3v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4p4r-m79c-wq3v" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v", "reference_id": "GHSA-4p4r-m79c-wq3v", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:46Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/374127?format=api", "purl": "pkg:npm/electron@39.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/374128?format=api", "purl": "pkg:npm/electron@40.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/374129?format=api", "purl": "pkg:npm/electron@41.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.3" } ], "aliases": [ "CVE-2026-34767", "GHSA-4p4r-m79c-wq3v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jk3h-fgjr-kffg" } ], "risk_score": "3.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.3" }