Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/66786?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/66786?format=api", "purl": "pkg:npm/electron@24.0.0-alpha.1", "type": "npm", "namespace": "", "name": "electron", "version": "24.0.0-alpha.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "39.8.5", "latest_non_vulnerable_version": "42.0.0-alpha.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63637?format=api", "vulnerability_id": "VCID-2kk5-3p41-kycs", "summary": "electron: Electron: Protocol handler hijacking via improper validation of protocol names", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06694", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34773" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:03:47Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34773", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455025", "reference_id": "2455025", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455025" }, { "reference_url": "https://github.com/advisories/GHSA-mwmh-mq4g-g6gr", "reference_id": "GHSA-mwmh-mq4g-g6gr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mwmh-mq4g-g6gr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34773", "GHSA-mwmh-mq4g-g6gr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2kk5-3p41-kycs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45956?format=api", "vulnerability_id": "VCID-2tjw-wwpp-57ac", "summary": "Improper Control of Generation of Code ('Code Injection')\nElectron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39956" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39956", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39956" }, { "reference_url": "https://github.com/advisories/GHSA-7x97-j373-85x5", "reference_id": "GHSA-7x97-j373-85x5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7x97-j373-85x5" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5", "reference_id": "GHSA-7x97-j373-85x5", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:20Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66791?format=api", "purl": "pkg:npm/electron@24.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66792?format=api", "purl": "pkg:npm/electron@25.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/66793?format=api", "purl": "pkg:npm/electron@26.0.0-beta.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/66907?format=api", "purl": "pkg:npm/electron@26.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0" } ], "aliases": [ "CVE-2023-39956", "GHSA-7x97-j373-85x5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2tjw-wwpp-57ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63645?format=api", "vulnerability_id": "VCID-3wxh-7cvs-g3et", "summary": "Electron: Electron: Arbitrary code execution and security bypass via undocumented command-line switches", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01636", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34769" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:34:49Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34769", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455004", "reference_id": "2455004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455004" }, { "reference_url": "https://github.com/advisories/GHSA-9wfr-w7mm-pc7f", "reference_id": "GHSA-9wfr-w7mm-pc7f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9wfr-w7mm-pc7f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34769", "GHSA-9wfr-w7mm-pc7f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wxh-7cvs-g3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63633?format=api", "vulnerability_id": "VCID-4u89-87dg-zqdt", "summary": "Electron: Electron: Information disclosure via crafted second-instance message", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01714", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34776" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:31:24Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34776", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455021", "reference_id": "2455021", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455021" }, { "reference_url": "https://github.com/advisories/GHSA-3c8v-cfp5-9885", "reference_id": "GHSA-3c8v-cfp5-9885", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3c8v-cfp5-9885" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34776", "GHSA-3c8v-cfp5-9885" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u89-87dg-zqdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63336?format=api", "vulnerability_id": "VCID-5cmc-cnnq-xyhw", "summary": "Electron: Electron: Denial of Service via malformed clipboard image data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34781", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00323", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34781" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287" }, { "reference_url": "https://github.com/electron/electron/pull/50475", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/50475" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v39.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v39.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v40.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v40.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v41.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v41.1.0" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:10:12Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456279", "reference_id": "2456279", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456279" }, { "reference_url": "https://github.com/advisories/GHSA-f37v-82c4-4x64", "reference_id": "GHSA-f37v-82c4-4x64", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f37v-82c4-4x64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111155?format=api", "purl": "pkg:npm/electron@39.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111158?format=api", "purl": "pkg:npm/electron@40.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111161?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/111164?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34781", "GHSA-f37v-82c4-4x64" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cmc-cnnq-xyhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63636?format=api", "vulnerability_id": "VCID-5w4g-q3st-m7hf", "summary": "Electron: Electron: Memory corruption and crash due to use-after-free in offscreen rendering", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05536", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34774" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:28:41Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34774", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455026", "reference_id": "2455026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455026" }, { "reference_url": "https://github.com/advisories/GHSA-532v-xpq5-8h95", "reference_id": "GHSA-532v-xpq5-8h95", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-532v-xpq5-8h95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34774", "GHSA-532v-xpq5-8h95" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5w4g-q3st-m7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63643?format=api", "vulnerability_id": "VCID-6vad-u5vg-dba5", "summary": "Electron: Electron: Unauthorized USB device access via select-usb-device event callback validation bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34766", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01087", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34766" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:01Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34766", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454998", "reference_id": "2454998", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454998" }, { "reference_url": "https://github.com/advisories/GHSA-9899-m83m-qhpj", "reference_id": "GHSA-9899-m83m-qhpj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9899-m83m-qhpj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34766", "GHSA-9899-m83m-qhpj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vad-u5vg-dba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45981?format=api", "vulnerability_id": "VCID-73qk-x8vr-sfdp", "summary": "Improper Check for Unusual or Exceptional Conditions\nElectron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3699", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29198" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29198" }, { "reference_url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/" } ], "url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support" }, { "reference_url": "https://github.com/advisories/GHSA-p7v2-p9m8-qqg7", "reference_id": "GHSA-p7v2-p9m8-qqg7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p7v2-p9m8-qqg7" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7", "reference_id": "GHSA-p7v2-p9m8-qqg7", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66819?format=api", "purl": "pkg:npm/electron@24.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/672825?format=api", "purl": "pkg:npm/electron@24.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/66820?format=api", "purl": "pkg:npm/electron@25.0.0-alpha.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-2tjw-wwpp-57ac" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.2" } ], "aliases": [ "CVE-2023-29198", "GHSA-p7v2-p9m8-qqg7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73qk-x8vr-sfdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58057?format=api", "vulnerability_id": "VCID-7c28-bmu2-qbcs", "summary": "Electron has ASAR Integrity Bypass via resource modification\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55305", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00958", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55305" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b" }, { "reference_url": "https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1" }, { "reference_url": "https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d" }, { "reference_url": "https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee" }, { "reference_url": "https://github.com/electron/electron/pull/48101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48101" }, { "reference_url": "https://github.com/electron/electron/pull/48102", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48102" }, { "reference_url": "https://github.com/electron/electron/pull/48103", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48103" }, { "reference_url": "https://github.com/electron/electron/pull/48104", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48104" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393398", "reference_id": "2393398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393398" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55305", "reference_id": "CVE-2025-55305", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55305" }, { "reference_url": "https://github.com/advisories/GHSA-vmqv-hx8q-j7mg", "reference_id": "GHSA-vmqv-hx8q-j7mg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vmqv-hx8q-j7mg" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg", "reference_id": "GHSA-vmqv-hx8q-j7mg", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86376?format=api", "purl": "pkg:npm/electron@35.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/86377?format=api", "purl": "pkg:npm/electron@36.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/86378?format=api", "purl": "pkg:npm/electron@37.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/86379?format=api", "purl": "pkg:npm/electron@38.0.0-beta.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6" } ], "aliases": [ "CVE-2025-55305", "GHSA-vmqv-hx8q-j7mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7c28-bmu2-qbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46534?format=api", "vulnerability_id": "VCID-de1j-4qwd-duab", "summary": "ASAR Integrity bypass via filetype confusion in electron\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29775", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44402" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/39788", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39788" }, { "reference_url": "https://www.electronjs.org/docs/latest/tutorial/fuses", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.electronjs.org/docs/latest/tutorial/fuses" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44402", "reference_id": "CVE-2023-44402", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44402" }, { "reference_url": "https://github.com/advisories/GHSA-7m48-wc93-9g85", "reference_id": "GHSA-7m48-wc93-9g85", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7m48-wc93-9g85" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85", "reference_id": "GHSA-7m48-wc93-9g85", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66910?format=api", "purl": "pkg:npm/electron@24.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66911?format=api", "purl": "pkg:npm/electron@25.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66912?format=api", "purl": "pkg:npm/electron@26.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/68004?format=api", "purl": "pkg:npm/electron@27.0.0-alpha.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/66908?format=api", "purl": "pkg:npm/electron@27.0.0-beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1" } ], "aliases": [ "CVE-2023-44402", "GHSA-7m48-wc93-9g85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-de1j-4qwd-duab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63638?format=api", "vulnerability_id": "VCID-df1y-n1s8-x3g4", "summary": "Electron: Electron: Use-after-free vulnerability leads to memory corruption or crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02901", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34772" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:27:31Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34772", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455005", "reference_id": "2455005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455005" }, { "reference_url": "https://github.com/advisories/GHSA-9w97-2464-8783", "reference_id": "GHSA-9w97-2464-8783", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9w97-2464-8783" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110323?format=api", "purl": "pkg:npm/electron@41.0.0-beta.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h5f-hwjw-77dp" }, { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.7" } ], "aliases": [ "CVE-2026-34772", "GHSA-9w97-2464-8783" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-df1y-n1s8-x3g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63632?format=api", "vulnerability_id": "VCID-egxx-avtf-ekah", "summary": "Electron: Electron: Unauthorized permission granting and information disclosure via incorrect iframe origin", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34777", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00385", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34777" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:32:48Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34777", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34777" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455022", "reference_id": "2455022", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455022" }, { "reference_url": "https://github.com/advisories/GHSA-r5p7-gp4j-qhrx", "reference_id": "GHSA-r5p7-gp4j-qhrx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r5p7-gp4j-qhrx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34777", "GHSA-r5p7-gp4j-qhrx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egxx-avtf-ekah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57556?format=api", "vulnerability_id": "VCID-hzte-vg4j-cbgt", "summary": "Electron vulnerable to Heap Buffer Overflow in NativeImage\nThe `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1468", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46993" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46993", "reference_id": "CVE-2024-46993", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46993" }, { "reference_url": "https://github.com/advisories/GHSA-6r2x-8pq8-9489", "reference_id": "GHSA-6r2x-8pq8-9489", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6r2x-8pq8-9489" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489", "reference_id": "GHSA-6r2x-8pq8-9489", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85605?format=api", "purl": "pkg:npm/electron@28.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/85606?format=api", "purl": "pkg:npm/electron@29.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/85607?format=api", "purl": "pkg:npm/electron@30.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-9x1q-7ngy-jyhw" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3" } ], "aliases": [ "CVE-2024-46993", "GHSA-6r2x-8pq8-9489" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzte-vg4j-cbgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63642?format=api", "vulnerability_id": "VCID-j8e6-q6j5-tyf8", "summary": "electron: Electron: HTTP Response Header Injection via attacker-controlled input", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0159", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34767" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:46Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455000", "reference_id": "2455000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455000" }, { "reference_url": "https://github.com/advisories/GHSA-4p4r-m79c-wq3v", "reference_id": "GHSA-4p4r-m79c-wq3v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4p4r-m79c-wq3v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/111293?format=api", "purl": "pkg:npm/electron@39.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111294?format=api", "purl": "pkg:npm/electron@40.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111295?format=api", "purl": "pkg:npm/electron@41.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.3" } ], "aliases": [ "CVE-2026-34767", "GHSA-4p4r-m79c-wq3v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8e6-q6j5-tyf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63630?format=api", "vulnerability_id": "VCID-p1m4-3gu6-zffw", "summary": "Electron: Electron: Integrity issue due to IPC channel spoofing by a service worker", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34778", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00462", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34778" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:50:39Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34778", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455024", "reference_id": "2455024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455024" }, { "reference_url": "https://github.com/advisories/GHSA-xj5x-m3f3-5x3h", "reference_id": "GHSA-xj5x-m3f3-5x3h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xj5x-m3f3-5x3h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34778", "GHSA-xj5x-m3f3-5x3h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1m4-3gu6-zffw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63641?format=api", "vulnerability_id": "VCID-pjqf-nps2-7yhc", "summary": "electron: Electron: Arbitrary code execution via unquoted path in Run registry key", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34768", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00328", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34768" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:08:45Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34768", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454996", "reference_id": "2454996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454996" }, { "reference_url": "https://github.com/advisories/GHSA-jfqx-fxh3-c62j", "reference_id": "GHSA-jfqx-fxh3-c62j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jfqx-fxh3-c62j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110557?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34768", "GHSA-jfqx-fxh3-c62j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjqf-nps2-7yhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63338?format=api", "vulnerability_id": "VCID-qs5f-9ftk-fben", "summary": "electron: Electron: Arbitrary code execution or information disclosure via incorrect window handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07595", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34765" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v39.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v39.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v40.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v40.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v41.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v41.1.0" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:10Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456278", "reference_id": "2456278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456278" }, { "reference_url": "https://github.com/advisories/GHSA-f3pv-wv63-48x8", "reference_id": "GHSA-f3pv-wv63-48x8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f3pv-wv63-48x8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111155?format=api", "purl": "pkg:npm/electron@39.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111158?format=api", "purl": "pkg:npm/electron@40.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111161?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/111164?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34765", "GHSA-f3pv-wv63-48x8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qs5f-9ftk-fben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89656?format=api", "vulnerability_id": "VCID-t1uc-59dn-j3gd", "summary": "Electron: Use-after-free in PowerMonitor on Windows and macOS\n### Impact\nApps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.\n\nAll apps that access `powerMonitor` events (`suspend`, `resume`, `lock-screen`, etc.) are potentially affected. The issue is not directly renderer-controllable.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02901", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34770" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T19:09:58Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34770", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34770" }, { "reference_url": "https://github.com/advisories/GHSA-jjp3-mq3x-295m", "reference_id": "GHSA-jjp3-mq3x-295m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jjp3-mq3x-295m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110557?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34770", "GHSA-jjp3-mq3x-295m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t1uc-59dn-j3gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89381?format=api", "vulnerability_id": "VCID-wfx6-9nh3-quar", "summary": "Electron: AppleScript injection in app.moveToApplicationsFolder on macOS\n### Impact\nOn macOS, `app.moveToApplicationsFolder()` used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt.\n\nApps are only affected if they call `app.moveToApplicationsFolder()`. Apps that do not use this API are not affected.\n\n### Workarounds\nThere are no app side workarounds, developers must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01182", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34779" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:49:50Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34779", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34779" }, { "reference_url": "https://github.com/advisories/GHSA-5rqw-r77c-jp79", "reference_id": "GHSA-5rqw-r77c-jp79", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5rqw-r77c-jp79" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110557?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34779", "GHSA-5rqw-r77c-jp79" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfx6-9nh3-quar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63634?format=api", "vulnerability_id": "VCID-x7he-eg8d-g7hj", "summary": "Electron: Electron: Arbitrary code execution and information disclosure due to incorrect Node.js integration scoping", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02125", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34775" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:52:56Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34775", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455023", "reference_id": "2455023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455023" }, { "reference_url": "https://github.com/advisories/GHSA-xwr5-m59h-vwqr", "reference_id": "GHSA-xwr5-m59h-vwqr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xwr5-m59h-vwqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109867?format=api", "purl": "pkg:npm/electron@39.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109868?format=api", "purl": "pkg:npm/electron@40.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34775", "GHSA-xwr5-m59h-vwqr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7he-eg8d-g7hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63639?format=api", "vulnerability_id": "VCID-zzcf-uus6-rqa8", "summary": "electron: Electron: Memory corruption or application crash via use-after-free in permission request handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34771" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T16:04:11Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34771", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454995", "reference_id": "2454995", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454995" }, { "reference_url": "https://github.com/advisories/GHSA-8337-3p73-46f4", "reference_id": "GHSA-8337-3p73-46f4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8337-3p73-46f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34771", "GHSA-8337-3p73-46f4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzcf-uus6-rqa8" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.0.0-alpha.1" }