Lookup for vulnerable packages by Package URL.

Purl pkg:npm/electron@30.0.0-beta.6
Type npm
Namespace
Name electron
Version 30.0.0-beta.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 35.7.5
Latest_non_vulnerable_version 42.0.0-alpha.5
Affected_by_vulnerabilities
0
url VCID-fuwj-56jp-tyds
vulnerability_id VCID-fuwj-56jp-tyds
summary
electron ASAR Integrity bypass by just modifying the content
electron's ASAR Integrity can be bypassed by modifying the content.

### Impact
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows; apps using these fuses on macOS are unimpacted.

Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the .app bundle on macOS, which these fuses are supposed to protect against.

### Workarounds
There are no app-side workarounds; you must update to a patched version of Electron.

### Fixed Versions
* `30.0.5`
* `31.0.0-beta.1`

### For more information
If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46992
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03912
published_at 2026-04-21T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.0381
published_at 2026-04-12T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03822
published_at 2026-04-04T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03837
published_at 2026-04-07T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.03842
published_at 2026-04-08T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03867
published_at 2026-04-09T12:55:00Z
6
value 0.00016
scoring_system epss
scoring_elements 0.0383
published_at 2026-04-11T12:55:00Z
7
value 0.00016
scoring_system epss
scoring_elements 0.03783
published_at 2026-04-13T12:55:00Z
8
value 0.00016
scoring_system epss
scoring_elements 0.03764
published_at 2026-04-16T12:55:00Z
9
value 0.00016
scoring_system epss
scoring_elements 0.03788
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46992
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T14:32:53Z/
url https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46992
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46992
4
reference_url https://www.electronjs.org/docs/latest/tutorial/fuses
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T14:32:53Z/
url https://www.electronjs.org/docs/latest/tutorial/fuses
5
reference_url https://github.com/advisories/GHSA-xw5q-g62x-2qjc
reference_id GHSA-xw5q-g62x-2qjc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xw5q-g62x-2qjc
fixed_packages
0
url pkg:npm/electron@30.0.5
purl pkg:npm/electron@30.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qd52-rbd7-qkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.5
1
url pkg:npm/electron@31.0.0-beta.1
purl pkg:npm/electron@31.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qd52-rbd7-qkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@31.0.0-beta.1
aliases CVE-2024-46992, GHSA-xw5q-g62x-2qjc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuwj-56jp-tyds
1
url VCID-j7d6-zp3s-67fq
vulnerability_id VCID-j7d6-zp3s-67fq
summary
Electron vulnerable to Heap Buffer Overflow in NativeImage
### Impact
The `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.

### Workaround
There are no app-side workarounds for this issue. You must update your Electron version to be protected.

### Patches

- `v28.3.2`
- `v29.3.3`
- `v30.0.3`

### For More Information

If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-46993
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.07865
published_at 2026-04-09T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.07882
published_at 2026-04-21T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.0773
published_at 2026-04-18T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.07744
published_at 2026-04-16T12:55:00Z
4
value 0.00028
scoring_system epss
scoring_elements 0.0783
published_at 2026-04-13T12:55:00Z
5
value 0.00028
scoring_system epss
scoring_elements 0.07856
published_at 2026-04-11T12:55:00Z
6
value 0.00028
scoring_system epss
scoring_elements 0.07788
published_at 2026-04-07T12:55:00Z
7
value 0.00028
scoring_system epss
scoring_elements 0.07845
published_at 2026-04-08T12:55:00Z
8
value 0.00028
scoring_system epss
scoring_elements 0.07844
published_at 2026-04-12T12:55:00Z
9
value 0.00028
scoring_system epss
scoring_elements 0.07785
published_at 2026-04-02T12:55:00Z
10
value 0.00028
scoring_system epss
scoring_elements 0.07831
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-46993
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 4.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/
url https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-46993
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-46993
5
reference_url https://github.com/advisories/GHSA-6r2x-8pq8-9489
reference_id GHSA-6r2x-8pq8-9489
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6r2x-8pq8-9489
fixed_packages
0
url pkg:npm/electron@30.0.3
purl pkg:npm/electron@30.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fuwj-56jp-tyds
1
vulnerability VCID-qd52-rbd7-qkbn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3
aliases CVE-2024-46993, GHSA-6r2x-8pq8-9489
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7d6-zp3s-67fq
2
url VCID-qd52-rbd7-qkbn
vulnerability_id VCID-qd52-rbd7-qkbn
summary
Electron has ASAR Integrity Bypass via resource modification
### Impact
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted.

Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the `resources` folder in your app installation on Windows, which these fuses are supposed to protect against.

### Workarounds
There are no app-side workarounds; you must update to a patched version of Electron.

### Fixed Versions
* `38.0.0-beta.6`
* `37.3.1`
* `36.8.1`
* `35.7.5`

### For more information
If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55305
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00393
published_at 2026-04-21T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00369
published_at 2026-04-18T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00365
published_at 2026-04-16T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.0037
published_at 2026-04-13T12:55:00Z
4
value 6e-05
scoring_system epss
scoring_elements 0.00372
published_at 2026-04-12T12:55:00Z
5
value 6e-05
scoring_system epss
scoring_elements 0.00392
published_at 2026-04-04T12:55:00Z
6
value 6e-05
scoring_system epss
scoring_elements 0.00378
published_at 2026-04-09T12:55:00Z
7
value 6e-05
scoring_system epss
scoring_elements 0.00377
published_at 2026-04-08T12:55:00Z
8
value 6e-05
scoring_system epss
scoring_elements 0.0038
published_at 2026-04-07T12:55:00Z
9
value 6e-05
scoring_system epss
scoring_elements 0.00375
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55305
2
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
3
reference_url https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b
4
reference_url https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1
5
reference_url https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d
6
reference_url https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee
7
reference_url https://github.com/electron/electron/pull/48101
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48101
8
reference_url https://github.com/electron/electron/pull/48102
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48102
9
reference_url https://github.com/electron/electron/pull/48103
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48103
10
reference_url https://github.com/electron/electron/pull/48104
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/pull/48104
11
reference_url https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/
url https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55305
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55305
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2393398
reference_id 2393398
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2393398
14
reference_url https://github.com/advisories/GHSA-vmqv-hx8q-j7mg
reference_id GHSA-vmqv-hx8q-j7mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmqv-hx8q-j7mg
fixed_packages
0
url pkg:npm/electron@35.7.5
purl pkg:npm/electron@35.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5
1
url pkg:npm/electron@36.8.1
purl pkg:npm/electron@36.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1
2
url pkg:npm/electron@37.3.1
purl pkg:npm/electron@37.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1
3
url pkg:npm/electron@38.0.0-beta.6
purl pkg:npm/electron@38.0.0-beta.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6
aliases CVE-2025-55305, GHSA-vmqv-hx8q-j7mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qd52-rbd7-qkbn
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-beta.6