Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/electron@26.0.0-beta.4
Typenpm
Namespace
Nameelectron
Version26.0.0-beta.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version35.7.5
Latest_non_vulnerable_version42.0.0-alpha.5
Affected_by_vulnerabilities
0
url VCID-7eu1-94qk-nuar
vulnerability_id VCID-7eu1-94qk-nuar
summary 
ASAR Integrity bypass via filetype confusion in electron
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.  Apps without these fuses enabled are not impacted.  This issue is specific to macOS as these fuses are only currently supported on macOS.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too.  i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44402
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30183
published_at 2026-04-02T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30004
published_at 2026-04-21T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.3005
published_at 2026-04-18T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30071
published_at 2026-04-16T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30058
published_at 2026-04-13T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.30108
published_at 2026-04-12T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.3015
published_at 2026-04-11T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.30147
published_at 2026-04-09T12:55:00Z
8
value 0.00115
scoring_system epss
scoring_elements 0.30111
published_at 2026-04-08T12:55:00Z
9
value 0.00115
scoring_system epss
scoring_elements 0.30051
published_at 2026-04-07T12:55:00Z
10
value 0.00115
scoring_system epss
scoring_elements 0.30232
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44402
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://github.com/electron/electron/pull/39788
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39788
3
reference_url https://www.electronjs.org/docs/latest/tutorial/fuses
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.electronjs.org/docs/latest/tutorial/fuses
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44402
reference_id CVE-2023-44402
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44402
5
reference_url https://github.com/advisories/GHSA-7m48-wc93-9g85
reference_id GHSA-7m48-wc93-9g85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7m48-wc93-9g85
6
reference_url https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85
reference_id GHSA-7m48-wc93-9g85
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85
fixed_packages
0
url pkg:npm/electron@26.2.1
purl pkg:npm/electron@26.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f81v-9fv8-93cd
1
vulnerability VCID-j7d6-zp3s-67fq
2
vulnerability VCID-qd52-rbd7-qkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1
1
url pkg:npm/electron@27.0.0-alpha.7
purl pkg:npm/electron@27.0.0-alpha.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7
2
url pkg:npm/electron@27.0.0-beta.1
purl pkg:npm/electron@27.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f81v-9fv8-93cd
1
vulnerability VCID-j7d6-zp3s-67fq
2
vulnerability VCID-qd52-rbd7-qkbn
3
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1
aliases CVE-2023-44402, GHSA-7m48-wc93-9g85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7eu1-94qk-nuar
1
url VCID-j7d6-zp3s-67fq
vulnerability_id VCID-j7d6-zp3s-67fq
summary 
Electron vulnerable to Heap Buffer Overflow in NativeImage
### Impact
The `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.

### Workaround
There are no app-side workarounds for this issue. You must update your Electron version to be protected.

### Patches

- `v28.3.2`
- `v29.3.3`
- `v30.0.3`

### For More Information

If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46993
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.07865
published_at 2026-04-09T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.07882
published_at 2026-04-21T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.0773
published_at 2026-04-18T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.07744
published_at 2026-04-16T12:55:00Z
4
value 0.00028
scoring_system epss
scoring_elements 0.0783
published_at 2026-04-13T12:55:00Z
5
value 0.00028
scoring_system epss
scoring_elements 0.07856
published_at 2026-04-11T12:55:00Z
6
value 0.00028
scoring_system epss
scoring_elements 0.07788
published_at 2026-04-07T12:55:00Z
7
value 0.00028
scoring_system epss
scoring_elements 0.07845
published_at 2026-04-08T12:55:00Z
8
value 0.00028
scoring_system epss
scoring_elements 0.07844
published_at 2026-04-12T12:55:00Z
9
value 0.00028
scoring_system epss
scoring_elements 0.07785
published_at 2026-04-02T12:55:00Z
10
value 0.00028
scoring_system epss
scoring_elements 0.07831
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46993
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 4.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/
url https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46993
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46993
5
reference_url https://github.com/advisories/GHSA-6r2x-8pq8-9489
reference_id GHSA-6r2x-8pq8-9489
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6r2x-8pq8-9489
fixed_packages
0
url pkg:npm/electron@28.3.2
purl pkg:npm/electron@28.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qd52-rbd7-qkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2
1
url pkg:npm/electron@29.3.3
purl pkg:npm/electron@29.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qd52-rbd7-qkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3
2
url pkg:npm/electron@30.0.3
purl pkg:npm/electron@30.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuwj-56jp-tyds
1
vulnerability VCID-qd52-rbd7-qkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3
aliases CVE-2024-46993, GHSA-6r2x-8pq8-9489
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7d6-zp3s-67fq
2
url VCID-qd52-rbd7-qkbn
vulnerability_id VCID-qd52-rbd7-qkbn
summary 
Electron has ASAR Integrity Bypass via resource modification
### Impact
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.  Apps without these fuses enabled are not impacted.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too.  i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.

### Workarounds
There are no app side workarounds, you must update to a patched version of Electron.

### Fixed Versions
* `38.0.0-beta.6`
* `37.3.1`
* `36.8.1`
* `35.7.5`

### For more information
If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55305
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00393
published_at 2026-04-21T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00369
published_at 2026-04-18T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00365
published_at 2026-04-16T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.0037
published_at 2026-04-13T12:55:00Z
4
value 6e-05
scoring_system epss
scoring_elements 0.00372
published_at 2026-04-12T12:55:00Z
5
value 6e-05
scoring_system epss
scoring_elements 0.00392
published_at 2026-04-04T12:55:00Z
6
value 6e-05
scoring_system epss
scoring_elements 0.00378
published_at 2026-04-09T12:55:00Z
7
value 6e-05
scoring_system epss
scoring_elements 0.00377
published_at 2026-04-08T12:55:00Z
8
value 6e-05
scoring_system epss
scoring_elements 0.0038
published_at 2026-04-07T12:55:00Z
9
value 6e-05
scoring_system epss
scoring_elements 0.00375
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55305
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
4
reference_url https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
5
reference_url https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
6
reference_url https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
7
reference_url https://github.com/electron/electron/pull/48101
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48101
8
reference_url https://github.com/electron/electron/pull/48102
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48102
9
reference_url https://github.com/electron/electron/pull/48103
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48103
10
reference_url https://github.com/electron/electron/pull/48104
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48104
11
reference_url https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55305
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55305
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2393398
reference_id 2393398
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2393398
14
reference_url https://github.com/advisories/GHSA-vmqv-hx8q-j7mg
reference_id GHSA-vmqv-hx8q-j7mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmqv-hx8q-j7mg
fixed_packages
0
url pkg:npm/electron@35.7.5
purl pkg:npm/electron@35.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5
1
url pkg:npm/electron@36.8.1
purl pkg:npm/electron@36.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1
2
url pkg:npm/electron@37.3.1
purl pkg:npm/electron@37.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1
3
url pkg:npm/electron@38.0.0-beta.6
purl pkg:npm/electron@38.0.0-beta.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6
aliases CVE-2025-55305, GHSA-vmqv-hx8q-j7mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qd52-rbd7-qkbn
3
url VCID-w7f7-5frp-n3br
vulnerability_id VCID-w7f7-5frp-n3br
summary 
Improper Control of Generation of Code ('Code Injection')
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39956
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07687
published_at 2026-04-21T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07609
published_at 2026-04-04T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.07584
published_at 2026-04-07T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07643
published_at 2026-04-08T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07661
published_at 2026-04-09T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07662
published_at 2026-04-11T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.07649
published_at 2026-04-12T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07635
published_at 2026-04-13T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.07559
published_at 2026-04-16T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07548
published_at 2026-04-18T12:55:00Z
10
value 0.00027
scoring_system epss
scoring_elements 0.07567
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39956
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39956
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39956
3
reference_url https://github.com/advisories/GHSA-7x97-j373-85x5
reference_id GHSA-7x97-j373-85x5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7x97-j373-85x5
4
reference_url https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5
reference_id GHSA-7x97-j373-85x5
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:20Z/
url https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5
fixed_packages
0
url pkg:npm/electron@26.0.0-beta.13
purl pkg:npm/electron@26.0.0-beta.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.13
1
url pkg:npm/electron@26.0.0
purl pkg:npm/electron@26.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-f81v-9fv8-93cd
2
vulnerability VCID-j7d6-zp3s-67fq
3
vulnerability VCID-qd52-rbd7-qkbn
4
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0
aliases CVE-2023-39956, GHSA-7x97-j373-85x5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7f7-5frp-n3br
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.4