Lookup for vulnerable packages by Package URL.

Purl pkg:npm/electron@31.0.0-beta.1
Type npm
Namespace
Name electron
Version 31.0.0-beta.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 35.7.5
Latest_non_vulnerable_version 42.0.0-alpha.5
Affected_by_vulnerabilities
0
url VCID-qd52-rbd7-qkbn
vulnerability_id VCID-qd52-rbd7-qkbn
summary
Electron has ASAR Integrity Bypass via resource modification
### Impact
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.  Apps without these fuses enabled are not impacted.

Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the `resources` folder in your app installation on Windows, which these fuses are supposed to protect against.

### Workarounds
There are no app-side workarounds; you must update to a patched version of Electron.

### Fixed Versions
* `38.0.0-beta.6`
* `37.3.1`
* `36.8.1`
* `35.7.5`

### For more information
If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55305
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00393
published_at 2026-04-21T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00369
published_at 2026-04-18T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00365
published_at 2026-04-16T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.0037
published_at 2026-04-13T12:55:00Z
4
value 6e-05
scoring_system epss
scoring_elements 0.00372
published_at 2026-04-12T12:55:00Z
5
value 6e-05
scoring_system epss
scoring_elements 0.00392
published_at 2026-04-04T12:55:00Z
6
value 6e-05
scoring_system epss
scoring_elements 0.00378
published_at 2026-04-09T12:55:00Z
7
value 6e-05
scoring_system epss
scoring_elements 0.00377
published_at 2026-04-08T12:55:00Z
8
value 6e-05
scoring_system epss
scoring_elements 0.0038
published_at 2026-04-07T12:55:00Z
9
value 6e-05
scoring_system epss
scoring_elements 0.00375
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55305
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
4
reference_url https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
5
reference_url https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
6
reference_url https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
7
reference_url https://github.com/electron/electron/pull/48101
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48101
8
reference_url https://github.com/electron/electron/pull/48102
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48102
9
reference_url https://github.com/electron/electron/pull/48103
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48103
10
reference_url https://github.com/electron/electron/pull/48104
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48104
11
reference_url https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55305
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55305
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2393398
reference_id 2393398
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2393398
14
reference_url https://github.com/advisories/GHSA-vmqv-hx8q-j7mg
reference_id GHSA-vmqv-hx8q-j7mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmqv-hx8q-j7mg
fixed_packages
0
url pkg:npm/electron@35.7.5
purl pkg:npm/electron@35.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5
1
url pkg:npm/electron@36.8.1
purl pkg:npm/electron@36.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1
2
url pkg:npm/electron@37.3.1
purl pkg:npm/electron@37.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1
3
url pkg:npm/electron@38.0.0-beta.6
purl pkg:npm/electron@38.0.0-beta.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6
aliases CVE-2025-55305, GHSA-vmqv-hx8q-j7mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qd52-rbd7-qkbn
Fixing_vulnerabilities
0
url VCID-fuwj-56jp-tyds
vulnerability_id VCID-fuwj-56jp-tyds
summary
electron ASAR Integrity bypass by just modifying the content
Electron's ASAR Integrity can be bypassed by modifying the content.

### Impact
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows; apps using these fuses on macOS are unimpacted.

Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the .app bundle on macOS, which these fuses are supposed to protect against.

### Workarounds
There are no app-side workarounds; you must update to a patched version of Electron.

### Fixed Versions
* `30.0.5`
* `31.0.0-beta.1`

### For more information
If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46992
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03912
published_at 2026-04-21T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.0381
published_at 2026-04-12T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03822
published_at 2026-04-04T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03837
published_at 2026-04-07T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.03842
published_at 2026-04-08T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03867
published_at 2026-04-09T12:55:00Z
6
value 0.00016
scoring_system epss
scoring_elements 0.0383
published_at 2026-04-11T12:55:00Z
7
value 0.00016
scoring_system epss
scoring_elements 0.03783
published_at 2026-04-13T12:55:00Z
8
value 0.00016
scoring_system epss
scoring_elements 0.03764
published_at 2026-04-16T12:55:00Z
9
value 0.00016
scoring_system epss
scoring_elements 0.03788
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46992
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T14:32:53Z/
url https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46992
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46992
4
reference_url https://www.electronjs.org/docs/latest/tutorial/fuses
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T14:32:53Z/
url https://www.electronjs.org/docs/latest/tutorial/fuses
5
reference_url https://github.com/advisories/GHSA-xw5q-g62x-2qjc
reference_id GHSA-xw5q-g62x-2qjc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xw5q-g62x-2qjc
fixed_packages
0
url pkg:npm/electron@30.0.5
purl pkg:npm/electron@30.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qd52-rbd7-qkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.5
1
url pkg:npm/electron@31.0.0-beta.1
purl pkg:npm/electron@31.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qd52-rbd7-qkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@31.0.0-beta.1
aliases CVE-2024-46992, GHSA-xw5q-g62x-2qjc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuwj-56jp-tyds
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@31.0.0-beta.1