Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/592495?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/592495?format=api", "purl": "pkg:npm/electron@14.0.0-beta.21", "type": "npm", "namespace": "", "name": "electron", "version": "14.0.0-beta.21", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "39.8.5", "latest_non_vulnerable_version": "42.0.0-alpha.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63637?format=api", "vulnerability_id": "VCID-2kk5-3p41-kycs", "summary": "electron: Electron: Protocol handler hijacking via improper validation of protocol names", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06694", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34773" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:03:47Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34773", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455025", "reference_id": "2455025", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455025" }, { "reference_url": "https://github.com/advisories/GHSA-mwmh-mq4g-g6gr", "reference_id": "GHSA-mwmh-mq4g-g6gr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mwmh-mq4g-g6gr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34773", "GHSA-mwmh-mq4g-g6gr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2kk5-3p41-kycs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45956?format=api", "vulnerability_id": "VCID-2tjw-wwpp-57ac", "summary": "Improper Control of Generation of Code ('Code Injection')\nElectron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39956" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39956", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39956" }, { "reference_url": "https://github.com/advisories/GHSA-7x97-j373-85x5", "reference_id": "GHSA-7x97-j373-85x5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7x97-j373-85x5" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5", "reference_id": "GHSA-7x97-j373-85x5", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:20Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66789?format=api", "purl": "pkg:npm/electron@22.3.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/672780?format=api", "purl": "pkg:npm/electron@22.3.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/66790?format=api", "purl": "pkg:npm/electron@23.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/66791?format=api", "purl": "pkg:npm/electron@24.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66792?format=api", "purl": "pkg:npm/electron@25.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/66793?format=api", "purl": "pkg:npm/electron@26.0.0-beta.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/66907?format=api", "purl": "pkg:npm/electron@26.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0" } ], "aliases": [ "CVE-2023-39956", "GHSA-7x97-j373-85x5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2tjw-wwpp-57ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63645?format=api", "vulnerability_id": "VCID-3wxh-7cvs-g3et", "summary": "Electron: Electron: Arbitrary code execution and security bypass via undocumented command-line switches", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01636", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34769" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:34:49Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34769", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455004", "reference_id": "2455004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455004" }, { "reference_url": "https://github.com/advisories/GHSA-9wfr-w7mm-pc7f", "reference_id": "GHSA-9wfr-w7mm-pc7f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9wfr-w7mm-pc7f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34769", "GHSA-9wfr-w7mm-pc7f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wxh-7cvs-g3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63633?format=api", "vulnerability_id": "VCID-4u89-87dg-zqdt", "summary": "Electron: Electron: Information disclosure via crafted second-instance message", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01714", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34776" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:31:24Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34776", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455021", "reference_id": "2455021", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455021" }, { "reference_url": "https://github.com/advisories/GHSA-3c8v-cfp5-9885", "reference_id": "GHSA-3c8v-cfp5-9885", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3c8v-cfp5-9885" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34776", "GHSA-3c8v-cfp5-9885" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u89-87dg-zqdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63336?format=api", "vulnerability_id": "VCID-5cmc-cnnq-xyhw", "summary": "Electron: Electron: Denial of Service via malformed clipboard image data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34781", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00323", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34781" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287" }, { "reference_url": "https://github.com/electron/electron/pull/50475", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/50475" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v39.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v39.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v40.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v40.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v41.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v41.1.0" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:10:12Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456279", "reference_id": "2456279", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456279" }, { "reference_url": "https://github.com/advisories/GHSA-f37v-82c4-4x64", "reference_id": "GHSA-f37v-82c4-4x64", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f37v-82c4-4x64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111155?format=api", "purl": "pkg:npm/electron@39.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111158?format=api", "purl": "pkg:npm/electron@40.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111161?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/111164?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34781", "GHSA-f37v-82c4-4x64" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cmc-cnnq-xyhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63636?format=api", "vulnerability_id": "VCID-5w4g-q3st-m7hf", "summary": "Electron: Electron: Memory corruption and crash due to use-after-free in offscreen rendering", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05536", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34774" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:28:41Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34774", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455026", "reference_id": "2455026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455026" }, { "reference_url": "https://github.com/advisories/GHSA-532v-xpq5-8h95", "reference_id": "GHSA-532v-xpq5-8h95", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-532v-xpq5-8h95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34774", "GHSA-532v-xpq5-8h95" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5w4g-q3st-m7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63643?format=api", "vulnerability_id": "VCID-6vad-u5vg-dba5", "summary": "Electron: Electron: Unauthorized USB device access via select-usb-device event callback validation bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34766", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01087", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34766" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:01Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34766", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454998", "reference_id": "2454998", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454998" }, { "reference_url": "https://github.com/advisories/GHSA-9899-m83m-qhpj", "reference_id": "GHSA-9899-m83m-qhpj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9899-m83m-qhpj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34766", "GHSA-9899-m83m-qhpj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vad-u5vg-dba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45981?format=api", "vulnerability_id": "VCID-73qk-x8vr-sfdp", "summary": "Improper Check for Unusual or Exceptional Conditions\nElectron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3699", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29198" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29198" }, { "reference_url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/" } ], "url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support" }, { "reference_url": "https://github.com/advisories/GHSA-p7v2-p9m8-qqg7", "reference_id": "GHSA-p7v2-p9m8-qqg7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p7v2-p9m8-qqg7" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7", "reference_id": "GHSA-p7v2-p9m8-qqg7", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66817?format=api", "purl": "pkg:npm/electron@22.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66818?format=api", "purl": "pkg:npm/electron@23.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66819?format=api", "purl": "pkg:npm/electron@24.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/672825?format=api", "purl": "pkg:npm/electron@24.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/66820?format=api", "purl": "pkg:npm/electron@25.0.0-alpha.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.2" } ], "aliases": [ "CVE-2023-29198", "GHSA-p7v2-p9m8-qqg7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73qk-x8vr-sfdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58057?format=api", "vulnerability_id": "VCID-7c28-bmu2-qbcs", "summary": "Electron has ASAR Integrity Bypass via resource modification\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55305", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00958", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55305" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b" }, { "reference_url": "https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1" }, { "reference_url": "https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d" }, { "reference_url": "https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee" }, { "reference_url": "https://github.com/electron/electron/pull/48101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48101" }, { "reference_url": "https://github.com/electron/electron/pull/48102", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48102" }, { "reference_url": "https://github.com/electron/electron/pull/48103", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48103" }, { "reference_url": "https://github.com/electron/electron/pull/48104", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48104" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393398", "reference_id": "2393398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393398" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55305", "reference_id": "CVE-2025-55305", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55305" }, { "reference_url": "https://github.com/advisories/GHSA-vmqv-hx8q-j7mg", "reference_id": "GHSA-vmqv-hx8q-j7mg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vmqv-hx8q-j7mg" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg", "reference_id": "GHSA-vmqv-hx8q-j7mg", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86376?format=api", "purl": "pkg:npm/electron@35.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/86377?format=api", "purl": "pkg:npm/electron@36.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/86378?format=api", "purl": "pkg:npm/electron@37.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/86379?format=api", "purl": "pkg:npm/electron@38.0.0-beta.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6" } ], "aliases": [ "CVE-2025-55305", "GHSA-vmqv-hx8q-j7mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7c28-bmu2-qbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46534?format=api", "vulnerability_id": "VCID-de1j-4qwd-duab", "summary": "ASAR Integrity bypass via filetype confusion in electron\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29775", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44402" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/39788", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39788" }, { "reference_url": "https://www.electronjs.org/docs/latest/tutorial/fuses", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.electronjs.org/docs/latest/tutorial/fuses" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44402", "reference_id": "CVE-2023-44402", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44402" }, { "reference_url": "https://github.com/advisories/GHSA-7m48-wc93-9g85", "reference_id": "GHSA-7m48-wc93-9g85", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7m48-wc93-9g85" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85", "reference_id": "GHSA-7m48-wc93-9g85", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66909?format=api", "purl": "pkg:npm/electron@22.3.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66910?format=api", "purl": "pkg:npm/electron@24.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66911?format=api", "purl": "pkg:npm/electron@25.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66912?format=api", "purl": "pkg:npm/electron@26.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/68004?format=api", "purl": "pkg:npm/electron@27.0.0-alpha.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/66908?format=api", "purl": "pkg:npm/electron@27.0.0-beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1" } ], "aliases": [ "CVE-2023-44402", "GHSA-7m48-wc93-9g85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-de1j-4qwd-duab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63638?format=api", "vulnerability_id": "VCID-df1y-n1s8-x3g4", "summary": "Electron: Electron: Use-after-free vulnerability leads to memory corruption or crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02901", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34772" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:27:31Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34772", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455005", "reference_id": "2455005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455005" }, { "reference_url": "https://github.com/advisories/GHSA-9w97-2464-8783", "reference_id": "GHSA-9w97-2464-8783", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9w97-2464-8783" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110323?format=api", "purl": "pkg:npm/electron@41.0.0-beta.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h5f-hwjw-77dp" }, { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.7" } ], "aliases": [ "CVE-2026-34772", "GHSA-9w97-2464-8783" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-df1y-n1s8-x3g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63632?format=api", "vulnerability_id": "VCID-egxx-avtf-ekah", "summary": "Electron: Electron: Unauthorized permission granting and information disclosure via incorrect iframe origin", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34777", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00385", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34777" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:32:48Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34777", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34777" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455022", "reference_id": "2455022", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455022" }, { "reference_url": "https://github.com/advisories/GHSA-r5p7-gp4j-qhrx", "reference_id": "GHSA-r5p7-gp4j-qhrx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r5p7-gp4j-qhrx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34777", "GHSA-r5p7-gp4j-qhrx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egxx-avtf-ekah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110623?format=api", "vulnerability_id": "VCID-ghpf-ugba-5ff8", "summary": "Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled\n### Impact\nThis vulnerability allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`.\n\nPlease note the misleadingly named `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access rather it depends on the existing `sandbox` setting. If your application is sandboxed then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs (which includes `ipcRenderer`).\n\nIf your application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n\n* `18.0.0-beta.6`\n* `17.2.0`\n* `16.2.6`\n* `15.5.5`\n\n### Workarounds\nEnsure that all IPC message handlers appropriately validate `senderFrame` as per our [security tutorial here](https://github.com/electron/electron/blob/main/docs/tutorial/security.md#17-validate-the-sender-of-all-ipc-messages).\n\n### For more information\n\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74462", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74493", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29247" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:29Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29247", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29247" }, { "reference_url": "https://github.com/advisories/GHSA-mq8j-3h7h-p8g7", "reference_id": "GHSA-mq8j-3h7h-p8g7", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mq8j-3h7h-p8g7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149326?format=api", "purl": "pkg:npm/electron@15.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-tayz-pv63-g7g5" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/149327?format=api", "purl": "pkg:npm/electron@16.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-tayz-pv63-g7g5" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/149328?format=api", "purl": "pkg:npm/electron@17.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-tayz-pv63-g7g5" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/149329?format=api", "purl": "pkg:npm/electron@18.0.0-beta.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-tayz-pv63-g7g5" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0-beta.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/503813?format=api", "purl": "pkg:npm/electron@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-tayz-pv63-g7g5" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0" } ], "aliases": [ "CVE-2022-29247", "GHSA-mq8j-3h7h-p8g7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghpf-ugba-5ff8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1090?format=api", "vulnerability_id": "VCID-ghpk-c1e6-pkae", "summary": "Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04976", "scoring_system": "epss", "scoring_elements": "0.89878", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191" }, { "reference_url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" }, { "reference_url": "https://crbug.com/1486441", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://crbug.com/1486441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/12" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/16" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/40022", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40022" }, { "reference_url": "https://github.com/electron/electron/pull/40023", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40023" }, { "reference_url": "https://github.com/electron/electron/pull/40024", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40024" }, { "reference_url": "https://github.com/electron/electron/pull/40025", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40025" }, { "reference_url": "https://github.com/electron/electron/pull/40026", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40026" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v22.3.25", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v22.3.25" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v24.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v24.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v25.8.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v25.8.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v26.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v26.2.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "reference_url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1" }, { "reference_url": "https://github.com/webmproject/libvpx/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/tags" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "reference_url": "https://pastebin.com/TdkC4pDv", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://pastebin.com/TdkC4pDv" }, { "reference_url": "https://security.gentoo.org/glsa/202310-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202310-04" }, { "reference_url": "https://security.gentoo.org/glsa/202401-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202401-34" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/" }, { "reference_url": "https://support.apple.com/kb/HT213961", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213961" }, { "reference_url": "https://support.apple.com/kb/HT213972", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213972" }, { "reference_url": "https://twitter.com/maddiestone/status/1707163313711497266", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://twitter.com/maddiestone/status/1707163313711497266" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5508", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5508" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5509", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5509" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5510", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5510" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/9" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/03/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/11" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182", "reference_id": "1053182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/", "reference_id": "AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217" }, { "reference_url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g", "reference_id": "GHSA-qqvq-6xgj-jw8g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44", "reference_id": "mfsa2023-44", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5426", "reference_id": "RHSA-2023:5426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5427", "reference_id": "RHSA-2023:5427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5428", "reference_id": "RHSA-2023:5428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5429", "reference_id": "RHSA-2023:5429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5430", "reference_id": "RHSA-2023:5430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5432", "reference_id": "RHSA-2023:5432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5433", "reference_id": "RHSA-2023:5433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5434", "reference_id": "RHSA-2023:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5435", "reference_id": "RHSA-2023:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5436", "reference_id": "RHSA-2023:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5437", "reference_id": "RHSA-2023:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5438", "reference_id": "RHSA-2023:5438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5439", "reference_id": "RHSA-2023:5439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5440", "reference_id": "RHSA-2023:5440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5475", "reference_id": "RHSA-2023:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5477", "reference_id": "RHSA-2023:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5534", "reference_id": "RHSA-2023:5534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5535", "reference_id": "RHSA-2023:5535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5536", "reference_id": "RHSA-2023:5536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5537", "reference_id": "RHSA-2023:5537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5538", "reference_id": "RHSA-2023:5538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5539", "reference_id": "RHSA-2023:5539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5540", "reference_id": "RHSA-2023:5540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5540" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/", "reference_id": "TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/" }, { "reference_url": "https://usn.ubuntu.com/6403-1/", "reference_id": "USN-6403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-1/" }, { "reference_url": "https://usn.ubuntu.com/6403-2/", "reference_id": "USN-6403-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-2/" }, { "reference_url": "https://usn.ubuntu.com/6403-3/", "reference_id": "USN-6403-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-3/" }, { "reference_url": "https://usn.ubuntu.com/6404-1/", "reference_id": "USN-6404-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6404-1/" }, { "reference_url": "https://usn.ubuntu.com/6405-1/", "reference_id": "USN-6405-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6405-1/" }, { "reference_url": "https://usn.ubuntu.com/7172-1/", "reference_id": "USN-7172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67133?format=api", "purl": "pkg:npm/electron@22.3.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/66783?format=api", "purl": "pkg:npm/electron@23.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-c798-jt2a-23a5" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67134?format=api", "purl": "pkg:npm/electron@24.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/66787?format=api", "purl": "pkg:npm/electron@25.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67135?format=api", "purl": "pkg:npm/electron@25.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/66788?format=api", "purl": "pkg:npm/electron@26.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67136?format=api", "purl": "pkg:npm/electron@26.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/67137?format=api", "purl": "pkg:npm/electron@27.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.8" } ], "aliases": [ "CVE-2023-5217", "GHSA-qqvq-6xgj-jw8g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghpk-c1e6-pkae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110726?format=api", "vulnerability_id": "VCID-hq5b-7dhx-c7er", "summary": "AutoUpdater module fails to validate certain nested components of the bundle\n### Impact\nThis vulnerability allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.\n\nPlease note that this kind of attack would require **significant** privileges in your own auto updating infrastructure and the ease of that attack entirely depends on your infrastructure security.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n\n* `18.0.0-beta.6`\n* `17.2.0`\n* `16.2.0`\n* `15.5.0`\n\n### Workarounds\nThere are no workarounds for this issue, please update to a patched version of Electron.\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.64009", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.64051", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29257" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:31Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29257", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29257" }, { "reference_url": "https://github.com/advisories/GHSA-77xc-hjv8-ww97", "reference_id": "GHSA-77xc-hjv8-ww97", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77xc-hjv8-ww97" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149434?format=api", "purl": "pkg:npm/electron@15.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpf-ugba-5ff8" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-tayz-pv63-g7g5" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/149435?format=api", "purl": "pkg:npm/electron@16.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpf-ugba-5ff8" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-tayz-pv63-g7g5" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/149328?format=api", "purl": "pkg:npm/electron@17.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-tayz-pv63-g7g5" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/149329?format=api", "purl": "pkg:npm/electron@18.0.0-beta.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-tayz-pv63-g7g5" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0-beta.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/503813?format=api", "purl": "pkg:npm/electron@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-tayz-pv63-g7g5" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0" } ], "aliases": [ "CVE-2022-29257", "GHSA-77xc-hjv8-ww97" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hq5b-7dhx-c7er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57556?format=api", "vulnerability_id": "VCID-hzte-vg4j-cbgt", "summary": "Electron vulnerable to Heap Buffer Overflow in NativeImage\nThe `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1468", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46993" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46993", "reference_id": "CVE-2024-46993", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46993" }, { "reference_url": "https://github.com/advisories/GHSA-6r2x-8pq8-9489", "reference_id": "GHSA-6r2x-8pq8-9489", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6r2x-8pq8-9489" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489", "reference_id": "GHSA-6r2x-8pq8-9489", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85605?format=api", "purl": "pkg:npm/electron@28.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/85606?format=api", "purl": "pkg:npm/electron@29.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/85607?format=api", "purl": "pkg:npm/electron@30.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-9x1q-7ngy-jyhw" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3" } ], "aliases": [ "CVE-2024-46993", "GHSA-6r2x-8pq8-9489" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzte-vg4j-cbgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63642?format=api", "vulnerability_id": "VCID-j8e6-q6j5-tyf8", "summary": "electron: Electron: HTTP Response Header Injection via attacker-controlled input", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0159", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34767" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:46Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455000", "reference_id": "2455000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455000" }, { "reference_url": "https://github.com/advisories/GHSA-4p4r-m79c-wq3v", "reference_id": "GHSA-4p4r-m79c-wq3v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4p4r-m79c-wq3v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/111293?format=api", "purl": "pkg:npm/electron@39.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111294?format=api", "purl": "pkg:npm/electron@40.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111295?format=api", "purl": "pkg:npm/electron@41.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.3" } ], "aliases": [ "CVE-2026-34767", "GHSA-4p4r-m79c-wq3v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8e6-q6j5-tyf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63630?format=api", "vulnerability_id": "VCID-p1m4-3gu6-zffw", "summary": "Electron: Electron: Integrity issue due to IPC channel spoofing by a service worker", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34778", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00462", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34778" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:50:39Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34778", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455024", "reference_id": "2455024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455024" }, { "reference_url": "https://github.com/advisories/GHSA-xj5x-m3f3-5x3h", "reference_id": "GHSA-xj5x-m3f3-5x3h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xj5x-m3f3-5x3h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34778", "GHSA-xj5x-m3f3-5x3h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1m4-3gu6-zffw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63641?format=api", "vulnerability_id": "VCID-pjqf-nps2-7yhc", "summary": "electron: Electron: Arbitrary code execution via unquoted path in Run registry key", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34768", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00328", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34768" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:08:45Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34768", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454996", "reference_id": "2454996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454996" }, { "reference_url": "https://github.com/advisories/GHSA-jfqx-fxh3-c62j", "reference_id": "GHSA-jfqx-fxh3-c62j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jfqx-fxh3-c62j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110557?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34768", "GHSA-jfqx-fxh3-c62j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjqf-nps2-7yhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63338?format=api", "vulnerability_id": "VCID-qs5f-9ftk-fben", "summary": "electron: Electron: Arbitrary code execution or information disclosure via incorrect window handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07595", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34765" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v39.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v39.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v40.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v40.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v41.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v41.1.0" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:10Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456278", "reference_id": "2456278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456278" }, { "reference_url": "https://github.com/advisories/GHSA-f3pv-wv63-48x8", "reference_id": "GHSA-f3pv-wv63-48x8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f3pv-wv63-48x8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111155?format=api", "purl": "pkg:npm/electron@39.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111158?format=api", "purl": "pkg:npm/electron@40.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111161?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/111164?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34765", "GHSA-f3pv-wv63-48x8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qs5f-9ftk-fben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89656?format=api", "vulnerability_id": "VCID-t1uc-59dn-j3gd", "summary": "Electron: Use-after-free in PowerMonitor on Windows and macOS\n### Impact\nApps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.\n\nAll apps that access `powerMonitor` events (`suspend`, `resume`, `lock-screen`, etc.) are potentially affected. The issue is not directly renderer-controllable.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02901", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34770" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T19:09:58Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34770", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34770" }, { "reference_url": "https://github.com/advisories/GHSA-jjp3-mq3x-295m", "reference_id": "GHSA-jjp3-mq3x-295m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jjp3-mq3x-295m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110557?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34770", "GHSA-jjp3-mq3x-295m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t1uc-59dn-j3gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100349?format=api", "vulnerability_id": "VCID-tayz-pv63-g7g5", "summary": "Electron: Redirection error and misuse of hashed credentials", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36077.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25928", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26031", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36077" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:49:23Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36077", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141029", "reference_id": "2141029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141029" }, { "reference_url": "https://github.com/advisories/GHSA-p2jh-44qj-pf2v", "reference_id": "GHSA-p2jh-44qj-pf2v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p2jh-44qj-pf2v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/148782?format=api", "purl": "pkg:npm/electron@18.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/148785?format=api", "purl": "pkg:npm/electron@19.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-dxjk-qzmb-6bca" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@19.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/148784?format=api", "purl": "pkg:npm/electron@20.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@20.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/504660?format=api", "purl": "pkg:npm/electron@21.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-73qk-x8vr-sfdp" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@21.0.1" } ], "aliases": [ "CVE-2022-36077", "GHSA-p2jh-44qj-pf2v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tayz-pv63-g7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89381?format=api", "vulnerability_id": "VCID-wfx6-9nh3-quar", "summary": "Electron: AppleScript injection in app.moveToApplicationsFolder on macOS\n### Impact\nOn macOS, `app.moveToApplicationsFolder()` used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt.\n\nApps are only affected if they call `app.moveToApplicationsFolder()`. Apps that do not use this API are not affected.\n\n### Workarounds\nThere are no app side workarounds, developers must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01182", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34779" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:49:50Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34779", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34779" }, { "reference_url": "https://github.com/advisories/GHSA-5rqw-r77c-jp79", "reference_id": "GHSA-5rqw-r77c-jp79", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5rqw-r77c-jp79" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110557?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34779", "GHSA-5rqw-r77c-jp79" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfx6-9nh3-quar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63634?format=api", "vulnerability_id": "VCID-x7he-eg8d-g7hj", "summary": "Electron: Electron: Arbitrary code execution and information disclosure due to incorrect Node.js integration scoping", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02125", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34775" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:52:56Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34775", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455023", "reference_id": "2455023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455023" }, { "reference_url": "https://github.com/advisories/GHSA-xwr5-m59h-vwqr", "reference_id": "GHSA-xwr5-m59h-vwqr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xwr5-m59h-vwqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109867?format=api", "purl": "pkg:npm/electron@39.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109868?format=api", "purl": "pkg:npm/electron@40.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34775", "GHSA-xwr5-m59h-vwqr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7he-eg8d-g7hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63639?format=api", "vulnerability_id": "VCID-zzcf-uus6-rqa8", "summary": "electron: Electron: Memory corruption or application crash via use-after-free in permission request handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34771" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T16:04:11Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34771", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454995", "reference_id": "2454995", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454995" }, { "reference_url": "https://github.com/advisories/GHSA-8337-3p73-46f4", "reference_id": "GHSA-8337-3p73-46f4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8337-3p73-46f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34771", "GHSA-8337-3p73-46f4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzcf-uus6-rqa8" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@14.0.0-beta.21" }