Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/674076?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/674076?format=api", "purl": "pkg:npm/electron@26.2.0", "type": "npm", "namespace": "", "name": "electron", "version": "26.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "39.8.5", "latest_non_vulnerable_version": "42.0.0-alpha.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63637?format=api", "vulnerability_id": "VCID-2kk5-3p41-kycs", "summary": "electron: Electron: Protocol handler hijacking via improper validation of protocol names", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06684", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06694", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06698", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34773" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:03:47Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34773", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455025", "reference_id": "2455025", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455025" }, { "reference_url": "https://github.com/advisories/GHSA-mwmh-mq4g-g6gr", "reference_id": "GHSA-mwmh-mq4g-g6gr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mwmh-mq4g-g6gr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34773", "GHSA-mwmh-mq4g-g6gr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2kk5-3p41-kycs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63645?format=api", "vulnerability_id": "VCID-3wxh-7cvs-g3et", "summary": "Electron: Electron: Arbitrary code execution and security bypass via undocumented command-line switches", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01642", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01636", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01643", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34769" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:34:49Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34769", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455004", "reference_id": "2455004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455004" }, { "reference_url": "https://github.com/advisories/GHSA-9wfr-w7mm-pc7f", "reference_id": "GHSA-9wfr-w7mm-pc7f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9wfr-w7mm-pc7f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34769", "GHSA-9wfr-w7mm-pc7f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wxh-7cvs-g3et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63633?format=api", "vulnerability_id": "VCID-4u89-87dg-zqdt", "summary": "Electron: Electron: Information disclosure via crafted second-instance message", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01714", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0172", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34776" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:31:24Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34776", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455021", "reference_id": "2455021", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455021" }, { "reference_url": "https://github.com/advisories/GHSA-3c8v-cfp5-9885", "reference_id": "GHSA-3c8v-cfp5-9885", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3c8v-cfp5-9885" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34776", "GHSA-3c8v-cfp5-9885" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u89-87dg-zqdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63336?format=api", "vulnerability_id": "VCID-5cmc-cnnq-xyhw", "summary": "Electron: Electron: Denial of Service via malformed clipboard image data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34781", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00318", "published_at": "2026-06-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00323", "published_at": "2026-06-05T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00324", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34781" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287" }, { "reference_url": "https://github.com/electron/electron/pull/50475", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/50475" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v39.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v39.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v40.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v40.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v41.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v41.1.0" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:10:12Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456279", "reference_id": "2456279", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456279" }, { "reference_url": "https://github.com/advisories/GHSA-f37v-82c4-4x64", "reference_id": "GHSA-f37v-82c4-4x64", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f37v-82c4-4x64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111155?format=api", "purl": "pkg:npm/electron@39.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111158?format=api", "purl": "pkg:npm/electron@40.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111161?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/111164?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34781", "GHSA-f37v-82c4-4x64" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cmc-cnnq-xyhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63636?format=api", "vulnerability_id": "VCID-5w4g-q3st-m7hf", "summary": "Electron: Electron: Memory corruption and crash due to use-after-free in offscreen rendering", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05518", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05536", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05519", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34774" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:28:41Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34774", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455026", "reference_id": "2455026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455026" }, { "reference_url": "https://github.com/advisories/GHSA-532v-xpq5-8h95", "reference_id": "GHSA-532v-xpq5-8h95", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-532v-xpq5-8h95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34774", "GHSA-532v-xpq5-8h95" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5w4g-q3st-m7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63643?format=api", "vulnerability_id": "VCID-6vad-u5vg-dba5", "summary": "Electron: Electron: Unauthorized USB device access via select-usb-device event callback validation bypass", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34766", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01087", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34766" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:01Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34766", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454998", "reference_id": "2454998", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454998" }, { "reference_url": "https://github.com/advisories/GHSA-9899-m83m-qhpj", "reference_id": "GHSA-9899-m83m-qhpj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9899-m83m-qhpj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34766", "GHSA-9899-m83m-qhpj" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vad-u5vg-dba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58057?format=api", "vulnerability_id": "VCID-7c28-bmu2-qbcs", "summary": "Electron has ASAR Integrity Bypass via resource modification\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55305", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00959", "published_at": "2026-06-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00958", "published_at": "2026-06-05T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00957", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55305" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b" }, { "reference_url": "https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1" }, { "reference_url": "https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d" }, { "reference_url": "https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee" }, { "reference_url": "https://github.com/electron/electron/pull/48101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48101" }, { "reference_url": "https://github.com/electron/electron/pull/48102", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48102" }, { "reference_url": "https://github.com/electron/electron/pull/48103", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48103" }, { "reference_url": "https://github.com/electron/electron/pull/48104", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48104" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393398", "reference_id": "2393398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393398" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55305", "reference_id": "CVE-2025-55305", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55305" }, { "reference_url": "https://github.com/advisories/GHSA-vmqv-hx8q-j7mg", "reference_id": "GHSA-vmqv-hx8q-j7mg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vmqv-hx8q-j7mg" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg", "reference_id": "GHSA-vmqv-hx8q-j7mg", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86376?format=api", "purl": "pkg:npm/electron@35.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/86377?format=api", "purl": "pkg:npm/electron@36.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/86378?format=api", "purl": "pkg:npm/electron@37.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/86379?format=api", "purl": "pkg:npm/electron@38.0.0-beta.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6" } ], "aliases": [ "CVE-2025-55305", "GHSA-vmqv-hx8q-j7mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7c28-bmu2-qbcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46534?format=api", "vulnerability_id": "VCID-de1j-4qwd-duab", "summary": "ASAR Integrity bypass via filetype confusion in electron\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29775", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29673", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29705", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29738", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44402" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/39788", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39788" }, { "reference_url": "https://www.electronjs.org/docs/latest/tutorial/fuses", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.electronjs.org/docs/latest/tutorial/fuses" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44402", "reference_id": "CVE-2023-44402", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44402" }, { "reference_url": "https://github.com/advisories/GHSA-7m48-wc93-9g85", "reference_id": "GHSA-7m48-wc93-9g85", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7m48-wc93-9g85" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85", "reference_id": "GHSA-7m48-wc93-9g85", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66912?format=api", "purl": "pkg:npm/electron@26.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/68004?format=api", "purl": "pkg:npm/electron@27.0.0-alpha.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/66908?format=api", "purl": "pkg:npm/electron@27.0.0-beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-k669-cacz-9fcd" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1" } ], "aliases": [ "CVE-2023-44402", "GHSA-7m48-wc93-9g85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-de1j-4qwd-duab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63638?format=api", "vulnerability_id": "VCID-df1y-n1s8-x3g4", "summary": "Electron: Electron: Use-after-free vulnerability leads to memory corruption or crash", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02855", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02901", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02908", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34772" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:27:31Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34772", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455005", "reference_id": "2455005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455005" }, { "reference_url": "https://github.com/advisories/GHSA-9w97-2464-8783", "reference_id": "GHSA-9w97-2464-8783", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9w97-2464-8783" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110323?format=api", "purl": "pkg:npm/electron@41.0.0-beta.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h5f-hwjw-77dp" }, { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.7" } ], "aliases": [ "CVE-2026-34772", "GHSA-9w97-2464-8783" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-df1y-n1s8-x3g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63632?format=api", "vulnerability_id": "VCID-egxx-avtf-ekah", "summary": "Electron: Electron: Unauthorized permission granting and information disclosure via incorrect iframe origin", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34777", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00382", "published_at": "2026-06-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00385", "published_at": "2026-06-05T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00387", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34777" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:32:48Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34777", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34777" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455022", "reference_id": "2455022", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455022" }, { "reference_url": "https://github.com/advisories/GHSA-r5p7-gp4j-qhrx", "reference_id": "GHSA-r5p7-gp4j-qhrx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r5p7-gp4j-qhrx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34777", "GHSA-r5p7-gp4j-qhrx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egxx-avtf-ekah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1090?format=api", "vulnerability_id": "VCID-ghpk-c1e6-pkae", "summary": "Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04976", "scoring_system": "epss", "scoring_elements": "0.89879", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04976", "scoring_system": "epss", "scoring_elements": "0.89877", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04976", "scoring_system": "epss", "scoring_elements": "0.89878", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191" }, { "reference_url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" }, { "reference_url": "https://crbug.com/1486441", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://crbug.com/1486441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/12" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/16" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/40022", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40022" }, { "reference_url": "https://github.com/electron/electron/pull/40023", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40023" }, { "reference_url": "https://github.com/electron/electron/pull/40024", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40024" }, { "reference_url": "https://github.com/electron/electron/pull/40025", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40025" }, { "reference_url": "https://github.com/electron/electron/pull/40026", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40026" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v22.3.25", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v22.3.25" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v24.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v24.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v25.8.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v25.8.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v26.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v26.2.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "reference_url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1" }, { "reference_url": "https://github.com/webmproject/libvpx/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/tags" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "reference_url": "https://pastebin.com/TdkC4pDv", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://pastebin.com/TdkC4pDv" }, { "reference_url": "https://security.gentoo.org/glsa/202310-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202310-04" }, { "reference_url": "https://security.gentoo.org/glsa/202401-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202401-34" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/" }, { "reference_url": "https://support.apple.com/kb/HT213961", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213961" }, { "reference_url": "https://support.apple.com/kb/HT213972", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213972" }, { "reference_url": "https://twitter.com/maddiestone/status/1707163313711497266", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://twitter.com/maddiestone/status/1707163313711497266" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5508", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5508" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5509", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5509" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5510", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5510" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/9" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/03/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/11" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182", "reference_id": "1053182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/", "reference_id": "AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217" }, { "reference_url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g", "reference_id": "GHSA-qqvq-6xgj-jw8g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44", "reference_id": "mfsa2023-44", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5426", "reference_id": "RHSA-2023:5426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5427", "reference_id": "RHSA-2023:5427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5428", "reference_id": "RHSA-2023:5428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5429", "reference_id": "RHSA-2023:5429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5430", "reference_id": "RHSA-2023:5430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5432", "reference_id": "RHSA-2023:5432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5433", "reference_id": "RHSA-2023:5433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5434", "reference_id": "RHSA-2023:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5435", "reference_id": "RHSA-2023:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5436", "reference_id": "RHSA-2023:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5437", "reference_id": "RHSA-2023:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5438", "reference_id": "RHSA-2023:5438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5439", "reference_id": "RHSA-2023:5439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5440", "reference_id": "RHSA-2023:5440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5475", "reference_id": "RHSA-2023:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5477", "reference_id": "RHSA-2023:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5534", "reference_id": "RHSA-2023:5534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5535", "reference_id": "RHSA-2023:5535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5536", "reference_id": "RHSA-2023:5536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5537", "reference_id": "RHSA-2023:5537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5538", "reference_id": "RHSA-2023:5538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5539", "reference_id": "RHSA-2023:5539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5540", "reference_id": "RHSA-2023:5540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5540" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/", "reference_id": "TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/" }, { "reference_url": "https://usn.ubuntu.com/6403-1/", "reference_id": "USN-6403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-1/" }, { "reference_url": "https://usn.ubuntu.com/6403-2/", "reference_id": "USN-6403-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-2/" }, { "reference_url": "https://usn.ubuntu.com/6403-3/", "reference_id": "USN-6403-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-3/" }, { "reference_url": "https://usn.ubuntu.com/6404-1/", "reference_id": "USN-6404-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6404-1/" }, { "reference_url": "https://usn.ubuntu.com/6405-1/", "reference_id": "USN-6405-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6405-1/" }, { "reference_url": "https://usn.ubuntu.com/7172-1/", "reference_id": "USN-7172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67136?format=api", "purl": "pkg:npm/electron@26.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/67137?format=api", "purl": "pkg:npm/electron@27.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.8" } ], "aliases": [ "CVE-2023-5217", "GHSA-qqvq-6xgj-jw8g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghpk-c1e6-pkae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57556?format=api", "vulnerability_id": "VCID-hzte-vg4j-cbgt", "summary": "Electron vulnerable to Heap Buffer Overflow in NativeImage\nThe `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14645", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14686", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1468", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46993" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46993", "reference_id": "CVE-2024-46993", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46993" }, { "reference_url": "https://github.com/advisories/GHSA-6r2x-8pq8-9489", "reference_id": "GHSA-6r2x-8pq8-9489", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6r2x-8pq8-9489" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489", "reference_id": "GHSA-6r2x-8pq8-9489", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85605?format=api", "purl": "pkg:npm/electron@28.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/85606?format=api", "purl": "pkg:npm/electron@29.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/85607?format=api", "purl": "pkg:npm/electron@30.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-9x1q-7ngy-jyhw" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3" } ], "aliases": [ "CVE-2024-46993", "GHSA-6r2x-8pq8-9489" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzte-vg4j-cbgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63642?format=api", "vulnerability_id": "VCID-j8e6-q6j5-tyf8", "summary": "electron: Electron: HTTP Response Header Injection via attacker-controlled input", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01597", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0159", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01596", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34767" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:46Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455000", "reference_id": "2455000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455000" }, { "reference_url": "https://github.com/advisories/GHSA-4p4r-m79c-wq3v", "reference_id": "GHSA-4p4r-m79c-wq3v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4p4r-m79c-wq3v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/111293?format=api", "purl": "pkg:npm/electron@39.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111294?format=api", "purl": "pkg:npm/electron@40.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/111295?format=api", "purl": "pkg:npm/electron@41.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.3" } ], "aliases": [ "CVE-2026-34767", "GHSA-4p4r-m79c-wq3v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8e6-q6j5-tyf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/972?format=api", "vulnerability_id": "VCID-k669-cacz-9fcd", "summary": "Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. *Note: This advisory was previously also tracked as CVE-2023-5129.*", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json" }, { "reference_url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway" }, { "reference_url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93301", "scoring_system": "epss", "scoring_elements": "0.99816", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.93301", "scoring_system": "epss", "scoring_elements": "0.99817", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4863" }, { "reference_url": "https://blog.isosceles.com/the-webp-0day", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.isosceles.com/the-webp-0day" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231" }, { "reference_url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html" }, { "reference_url": "https://crbug.com/1479274", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://crbug.com/1479274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863" }, { "reference_url": "https://en.bandisoft.com/honeyview/history", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://en.bandisoft.com/honeyview/history" }, { "reference_url": "https://en.bandisoft.com/honeyview/history/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://en.bandisoft.com/honeyview/history/" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0" }, { "reference_url": "https://github.com/electron/electron/pull/39823", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39823" }, { "reference_url": "https://github.com/electron/electron/pull/39825", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39825" }, { "reference_url": "https://github.com/electron/electron/pull/39826", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39826" }, { "reference_url": "https://github.com/electron/electron/pull/39827", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39827" }, { "reference_url": "https://github.com/electron/electron/pull/39828", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39828" }, { "reference_url": "https://github.com/ImageMagick/ImageMagick/discussions/6664", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ImageMagick/ImageMagick/discussions/6664" }, { "reference_url": "https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc" }, { "reference_url": "https://github.com/jaredforth/webp/pull/30", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jaredforth/webp/pull/30" }, { "reference_url": "https://github.com/python-pillow/Pillow/pull/7395", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/python-pillow/Pillow/pull/7395" }, { "reference_url": "https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b" }, { "reference_url": "https://github.com/qnighy/libwebp-sys2-rs/pull/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/qnighy/libwebp-sys2-rs/pull/21" }, { "reference_url": "https://github.com/webmproject/libwebp", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/webmproject/libwebp" }, { "reference_url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a" }, { "reference_url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://github.com/webmproject/libwebp/releases/tag/v1.3.2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I" }, { "reference_url": "https://news.ycombinator.com/item?id=37478403", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://news.ycombinator.com/item?id=37478403" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863" }, { "reference_url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0060.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0060.html" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0061.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0061.html" }, { "reference_url": "https://security.gentoo.org/glsa/202309-05", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://security.gentoo.org/glsa/202309-05" }, { "reference_url": "https://security.gentoo.org/glsa/202401-10", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://security.gentoo.org/glsa/202401-10" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230929-0011", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230929-0011" }, { "reference_url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16" }, { "reference_url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863" }, { "reference_url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/" }, { "reference_url": "https://www.bentley.com/advisories/be-2023-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.bentley.com/advisories/be-2023-0001" }, { "reference_url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks" }, { "reference_url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5496", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5496" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5497", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5497" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5498", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5498" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/21/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/8" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/26/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/26/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/26/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/26/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787", "reference_id": "1051787", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431", "reference_id": "2238431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238431" }, { "reference_url": "https://www.bentley.com/advisories/be-2023-0001/", "reference_id": "be-2023-0001", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://www.bentley.com/advisories/be-2023-0001/" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863", "reference_id": "CVE-2023-4863", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-4863", "reference_id": "CVE-2023-4863", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-4863" }, { "reference_url": "https://github.com/advisories/GHSA-j7hp-h8jx-5ppr", "reference_id": "GHSA-j7hp-h8jx-5ppr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j7hp-h8jx-5ppr" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", "reference_id": "KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40", "reference_id": "mfsa2023-40", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-40" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230929-0011/", "reference_id": "ntap-20230929-0011", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230929-0011/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5183", "reference_id": "RHSA-2023:5183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5184", "reference_id": "RHSA-2023:5184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5185", "reference_id": "RHSA-2023:5185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5186", "reference_id": "RHSA-2023:5186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5187", "reference_id": "RHSA-2023:5187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5188", "reference_id": "RHSA-2023:5188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5189", "reference_id": "RHSA-2023:5189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5190", "reference_id": "RHSA-2023:5190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5191", "reference_id": "RHSA-2023:5191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5191" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5192", "reference_id": "RHSA-2023:5192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5197", "reference_id": "RHSA-2023:5197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5198", "reference_id": "RHSA-2023:5198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5198" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5200", "reference_id": "RHSA-2023:5200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5201", "reference_id": "RHSA-2023:5201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5202", "reference_id": "RHSA-2023:5202", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5204", "reference_id": "RHSA-2023:5204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5205", "reference_id": "RHSA-2023:5205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5214", "reference_id": "RHSA-2023:5214", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5214" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5222", "reference_id": "RHSA-2023:5222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5223", "reference_id": "RHSA-2023:5223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5224", "reference_id": "RHSA-2023:5224", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5236", "reference_id": "RHSA-2023:5236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5309", "reference_id": "RHSA-2023:5309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5309" }, { "reference_url": "https://usn.ubuntu.com/6367-1/", "reference_id": "USN-6367-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6367-1/" }, { "reference_url": "https://usn.ubuntu.com/6368-1/", "reference_id": "USN-6368-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6368-1/" }, { "reference_url": "https://usn.ubuntu.com/6369-1/", "reference_id": "USN-6369-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6369-1/" }, { "reference_url": "https://usn.ubuntu.com/6369-2/", "reference_id": "USN-6369-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6369-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66912?format=api", "purl": "pkg:npm/electron@26.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67132?format=api", "purl": "pkg:npm/electron@27.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-de1j-4qwd-duab" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66913?format=api", "purl": "pkg:npm/electron@27.0.0-beta.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-3wxh-7cvs-g3et" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-6vad-u5vg-dba5" }, { "vulnerability": "VCID-7c28-bmu2-qbcs" }, { "vulnerability": "VCID-df1y-n1s8-x3g4" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-ghpk-c1e6-pkae" }, { "vulnerability": "VCID-hzte-vg4j-cbgt" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" }, { "vulnerability": "VCID-zzcf-uus6-rqa8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.2" } ], "aliases": [ "CVE-2023-4863", "GHSA-j7hp-h8jx-5ppr" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k669-cacz-9fcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63630?format=api", "vulnerability_id": "VCID-p1m4-3gu6-zffw", "summary": "Electron: Electron: Integrity issue due to IPC channel spoofing by a service worker", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34778", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0046", "published_at": "2026-06-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00462", "published_at": "2026-06-05T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00463", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34778" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:50:39Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34778", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455024", "reference_id": "2455024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455024" }, { "reference_url": "https://github.com/advisories/GHSA-xj5x-m3f3-5x3h", "reference_id": "GHSA-xj5x-m3f3-5x3h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xj5x-m3f3-5x3h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109949?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34778", "GHSA-xj5x-m3f3-5x3h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1m4-3gu6-zffw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63641?format=api", "vulnerability_id": "VCID-pjqf-nps2-7yhc", "summary": "electron: Electron: Arbitrary code execution via unquoted path in Run registry key", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34768", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00323", "published_at": "2026-06-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00328", "published_at": "2026-06-05T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0033", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34768" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:08:45Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34768", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454996", "reference_id": "2454996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454996" }, { "reference_url": "https://github.com/advisories/GHSA-jfqx-fxh3-c62j", "reference_id": "GHSA-jfqx-fxh3-c62j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jfqx-fxh3-c62j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110557?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34768", "GHSA-jfqx-fxh3-c62j" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjqf-nps2-7yhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63338?format=api", "vulnerability_id": "VCID-qs5f-9ftk-fben", "summary": "electron: Electron: Arbitrary code execution or information disclosure via incorrect window handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07583", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07595", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07605", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34765" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v39.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v39.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v40.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v40.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v41.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v41.1.0" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:10Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456278", "reference_id": "2456278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456278" }, { "reference_url": "https://github.com/advisories/GHSA-f3pv-wv63-48x8", "reference_id": "GHSA-f3pv-wv63-48x8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f3pv-wv63-48x8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111155?format=api", "purl": "pkg:npm/electron@39.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111158?format=api", "purl": "pkg:npm/electron@40.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/111161?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/111164?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34765", "GHSA-f3pv-wv63-48x8" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qs5f-9ftk-fben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89656?format=api", "vulnerability_id": "VCID-t1uc-59dn-j3gd", "summary": "Electron: Use-after-free in PowerMonitor on Windows and macOS\n### Impact\nApps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.\n\nAll apps that access `powerMonitor` events (`suspend`, `resume`, `lock-screen`, etc.) are potentially affected. The issue is not directly renderer-controllable.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02855", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02908", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02901", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34770" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T19:09:58Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34770", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34770" }, { "reference_url": "https://github.com/advisories/GHSA-jjp3-mq3x-295m", "reference_id": "GHSA-jjp3-mq3x-295m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjp3-mq3x-295m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110557?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34770", "GHSA-jjp3-mq3x-295m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t1uc-59dn-j3gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89381?format=api", "vulnerability_id": "VCID-wfx6-9nh3-quar", "summary": "Electron: AppleScript injection in app.moveToApplicationsFolder on macOS\n### Impact\nOn macOS, `app.moveToApplicationsFolder()` used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt.\n\nApps are only affected if they call `app.moveToApplicationsFolder()`. Apps that do not use this API are not affected.\n\n### Workarounds\nThere are no app side workarounds, developers must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01182", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01183", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34779" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:49:50Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34779", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34779" }, { "reference_url": "https://github.com/advisories/GHSA-5rqw-r77c-jp79", "reference_id": "GHSA-5rqw-r77c-jp79", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5rqw-r77c-jp79" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109947?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/110557?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34779", "GHSA-5rqw-r77c-jp79" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfx6-9nh3-quar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63634?format=api", "vulnerability_id": "VCID-x7he-eg8d-g7hj", "summary": "Electron: Electron: Arbitrary code execution and information disclosure due to incorrect Node.js integration scoping", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02122", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02125", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02132", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34775" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:52:56Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34775", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455023", "reference_id": "2455023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455023" }, { "reference_url": "https://github.com/advisories/GHSA-xwr5-m59h-vwqr", "reference_id": "GHSA-xwr5-m59h-vwqr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xwr5-m59h-vwqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/109867?format=api", "purl": "pkg:npm/electron@39.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109868?format=api", "purl": "pkg:npm/electron@40.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/109869?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34775", "GHSA-xwr5-m59h-vwqr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7he-eg8d-g7hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63639?format=api", "vulnerability_id": "VCID-zzcf-uus6-rqa8", "summary": "electron: Electron: Memory corruption or application crash via use-after-free in permission request handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04564", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0459", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04577", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34771" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T16:04:11Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34771", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454995", "reference_id": "2454995", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454995" }, { "reference_url": "https://github.com/advisories/GHSA-8337-3p73-46f4", "reference_id": "GHSA-8337-3p73-46f4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8337-3p73-46f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109866?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-qs5f-9ftk-fben" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/110321?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110322?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-pjqf-nps2-7yhc" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-t1uc-59dn-j3gd" }, { "vulnerability": "VCID-wfx6-9nh3-quar" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/110558?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kk5-3p41-kycs" }, { "vulnerability": "VCID-4u89-87dg-zqdt" }, { "vulnerability": "VCID-5cmc-cnnq-xyhw" }, { "vulnerability": "VCID-5w4g-q3st-m7hf" }, { "vulnerability": "VCID-egxx-avtf-ekah" }, { "vulnerability": "VCID-j8e6-q6j5-tyf8" }, { "vulnerability": "VCID-jy1k-8gy7-pkb7" }, { "vulnerability": "VCID-p1m4-3gu6-zffw" }, { "vulnerability": "VCID-qs5f-9ftk-fben" }, { "vulnerability": "VCID-x7he-eg8d-g7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34771", "GHSA-8337-3p73-46f4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzcf-uus6-rqa8" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.0" }