Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/electerm@3.8.8
Typenpm
Namespace
Nameelecterm
Version3.8.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.9.5
Latest_non_vulnerable_version3.9.5
Affected_by_vulnerabilities
0
url VCID-2pth-1pbz-q7a1
vulnerability_id VCID-2pth-1pbz-q7a1
summary electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal output (e.g., via a malicious SSH server, compromised remote host, or malicious plugin rendering terminal content) can thus achieve arbitrary code execution or local file access on the victim's machine, requiring only that the victim clicks a displayed link. At time of publication, there are no publicly available patches.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-43941
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06743
published_at 2026-06-13T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06726
published_at 2026-06-14T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06734
published_at 2026-06-11T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06754
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-43941
1
reference_url https://github.com/electerm/electerm
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electerm/electerm
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-43941
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-43941
3
reference_url https://github.com/advisories/GHSA-fwf6-j56g-m97c
reference_id GHSA-fwf6-j56g-m97c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwf6-j56g-m97c
4
reference_url https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
reference_id GHSA-fwf6-j56g-m97c
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-08T14:34:47Z/
url https://github.com/electerm/electerm/security/advisories/GHSA-fwf6-j56g-m97c
fixed_packages
aliases CVE-2026-43941, GHSA-fwf6-j56g-m97c
risk_score 4.3
exploitability 0.5
weighted_severity 8.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2pth-1pbz-q7a1
1
url VCID-bsue-h9tr-2bbc
vulnerability_id VCID-bsue-h9tr-2bbc
summary electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45353
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05996
published_at 2026-06-11T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.06006
published_at 2026-06-14T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.0602
published_at 2026-06-12T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.06012
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45353
1
reference_url https://github.com/electerm/electerm
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/electerm/electerm
2
reference_url https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507
reference_id 0599e67069b00e376a2e962649aaad6096e63507
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T19:27:17Z/
url https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45353
reference_id CVE-2026-45353
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-45353
4
reference_url https://github.com/advisories/GHSA-7p5m-v798-f8vv
reference_id GHSA-7p5m-v798-f8vv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7p5m-v798-f8vv
5
reference_url https://github.com/electerm/electerm/security/advisories/GHSA-7p5m-v798-f8vv
reference_id GHSA-7p5m-v798-f8vv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T19:27:17Z/
url https://github.com/electerm/electerm/security/advisories/GHSA-7p5m-v798-f8vv
fixed_packages
0
url pkg:npm/electerm@3.9.0
purl pkg:npm/electerm@3.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.9.0
1
url pkg:npm/electerm@3.9.5
purl pkg:npm/electerm@3.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.9.5
aliases CVE-2026-45353, GHSA-7p5m-v798-f8vv
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bsue-h9tr-2bbc
2
url VCID-c2ky-2na3-ubh3
vulnerability_id VCID-c2ky-2na3-ubh3
summary electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is accessible from any JavaScript running in the renderer (e.g., via the DevTools console or a compromised webview context). An attacker who achieves any JavaScript execution within the renderer can trivially exfiltrate these secrets to a remote server, leading to cloud account compromise, supply chain attacks, and lateral movement. At time of publication, there are no publicly available patches.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-43942
reference_id
reference_type
scores
0
value 4e-05
scoring_system epss
scoring_elements 0.00196
published_at 2026-06-13T12:55:00Z
1
value 4e-05
scoring_system epss
scoring_elements 0.00197
published_at 2026-06-11T12:55:00Z
2
value 4e-05
scoring_system epss
scoring_elements 0.00195
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-43942
1
reference_url https://github.com/electerm/electerm
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electerm/electerm
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-43942
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-43942
3
reference_url https://github.com/advisories/GHSA-37j4-88rp-2f6h
reference_id GHSA-37j4-88rp-2f6h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-37j4-88rp-2f6h
4
reference_url https://github.com/electerm/electerm/security/advisories/GHSA-37j4-88rp-2f6h
reference_id GHSA-37j4-88rp-2f6h
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T23:09:35Z/
url https://github.com/electerm/electerm/security/advisories/GHSA-37j4-88rp-2f6h
fixed_packages
aliases CVE-2026-43942, GHSA-37j4-88rp-2f6h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2ky-2na3-ubh3
3
url VCID-tky5-4uvt-9ucd
vulnerability_id VCID-tky5-4uvt-9ucd
summary electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45787
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00746
published_at 2026-06-11T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00749
published_at 2026-06-14T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00743
published_at 2026-06-12T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00745
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45787
1
reference_url https://github.com/electerm/electerm
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electerm/electerm
2
reference_url https://github.com/electerm/electerm/releases/tag/v3.9.5
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electerm/electerm/releases/tag/v3.9.5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45787
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45787
4
reference_url https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937
reference_id 9dd8295e37d53396b980cd45dfc5ed11ad79b937
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:07Z/
url https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937
5
reference_url https://github.com/advisories/GHSA-g29v-q6h7-76wh
reference_id GHSA-g29v-q6h7-76wh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g29v-q6h7-76wh
6
reference_url https://github.com/electerm/electerm/security/advisories/GHSA-g29v-q6h7-76wh
reference_id GHSA-g29v-q6h7-76wh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:07Z/
url https://github.com/electerm/electerm/security/advisories/GHSA-g29v-q6h7-76wh
fixed_packages
0
url pkg:npm/electerm@3.9.5
purl pkg:npm/electerm@3.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.9.5
aliases CVE-2026-45787, GHSA-g29v-q6h7-76wh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tky5-4uvt-9ucd
4
url VCID-ydrw-nwxu-6kc8
vulnerability_id VCID-ydrw-nwxu-6kc8
summary electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured (gist/WebDAV). The attacker can inject exec* fields or global config to cause remote code to run when a bookmark is opened or when sync is applied.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45058
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.15014
published_at 2026-06-12T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.14985
published_at 2026-06-14T12:55:00Z
2
value 0.00047
scoring_system epss
scoring_elements 0.14894
published_at 2026-06-11T12:55:00Z
3
value 0.00047
scoring_system epss
scoring_elements 0.15013
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45058
1
reference_url https://github.com/electerm/electerm
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/electerm/electerm
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45058
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45058
3
reference_url https://github.com/advisories/GHSA-jgg9-rw32-44pj
reference_id GHSA-jgg9-rw32-44pj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jgg9-rw32-44pj
4
reference_url https://github.com/electerm/electerm/security/advisories/GHSA-jgg9-rw32-44pj
reference_id GHSA-jgg9-rw32-44pj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-30T02:03:52Z/
url https://github.com/electerm/electerm/security/advisories/GHSA-jgg9-rw32-44pj
fixed_packages
0
url pkg:npm/electerm@3.8.15
purl pkg:npm/electerm@3.8.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2pth-1pbz-q7a1
1
vulnerability VCID-bsue-h9tr-2bbc
2
vulnerability VCID-c2ky-2na3-ubh3
3
vulnerability VCID-tky5-4uvt-9ucd
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.8.15
aliases CVE-2026-45058, GHSA-jgg9-rw32-44pj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydrw-nwxu-6kc8
Fixing_vulnerabilities
0
url VCID-scya-q5rb-hfbm
vulnerability_id VCID-scya-q5rb-hfbm
summary electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has been patched in version 3.8.15.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-43944
reference_id
reference_type
scores
0
value 0.0016
scoring_system epss
scoring_elements 0.36919
published_at 2026-06-13T12:55:00Z
1
value 0.0016
scoring_system epss
scoring_elements 0.36905
published_at 2026-06-14T12:55:00Z
2
value 0.0016
scoring_system epss
scoring_elements 0.36712
published_at 2026-06-11T12:55:00Z
3
value 0.0016
scoring_system epss
scoring_elements 0.36891
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-43944
1
reference_url https://github.com/electerm/electerm
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/electerm/electerm
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-43944
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-43944
3
reference_url https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507
reference_id 0599e67069b00e376a2e962649aaad6096e63507
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:06:05Z/
url https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507
4
reference_url https://github.com/electerm/electerm/commit/8a6a17951e96d715f5a231532bbd8303fe208700
reference_id 8a6a17951e96d715f5a231532bbd8303fe208700
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:06:05Z/
url https://github.com/electerm/electerm/commit/8a6a17951e96d715f5a231532bbd8303fe208700
5
reference_url https://github.com/electerm/electerm/commit/a79e06f4a1f0ac6376c3d2411ef4690fa0377742
reference_id a79e06f4a1f0ac6376c3d2411ef4690fa0377742
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:06:05Z/
url https://github.com/electerm/electerm/commit/a79e06f4a1f0ac6376c3d2411ef4690fa0377742
6
reference_url https://github.com/advisories/GHSA-mpm8-cx2p-626q
reference_id GHSA-mpm8-cx2p-626q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpm8-cx2p-626q
7
reference_url https://github.com/electerm/electerm/security/advisories/GHSA-mpm8-cx2p-626q
reference_id GHSA-mpm8-cx2p-626q
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:06:05Z/
url https://github.com/electerm/electerm/security/advisories/GHSA-mpm8-cx2p-626q
8
reference_url https://github.com/electerm/electerm/releases/tag/v3.8.15
reference_id v3.8.15
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:06:05Z/
url https://github.com/electerm/electerm/releases/tag/v3.8.15
fixed_packages
0
url pkg:npm/electerm@3.8.8
purl pkg:npm/electerm@3.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2pth-1pbz-q7a1
1
vulnerability VCID-bsue-h9tr-2bbc
2
vulnerability VCID-c2ky-2na3-ubh3
3
vulnerability VCID-tky5-4uvt-9ucd
4
vulnerability VCID-ydrw-nwxu-6kc8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.8.8
aliases CVE-2026-43944, GHSA-mpm8-cx2p-626q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scya-q5rb-hfbm
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/electerm@3.8.8