| 0 |
|
| 1 |
| url |
VCID-3wxh-7cvs-g3et |
| vulnerability_id |
VCID-3wxh-7cvs-g3et |
| summary |
Electron: Electron: Arbitrary code execution and security bypass via undocumented command-line switches |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:npm/electron@39.8.0 |
| purl |
pkg:npm/electron@39.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 4 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 5 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 6 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 7 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 8 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 9 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 10 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 11 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 12 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0 |
|
| 2 |
| url |
pkg:npm/electron@40.7.0 |
| purl |
pkg:npm/electron@40.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 4 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 5 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 6 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 7 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 8 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 9 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 10 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 11 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0 |
|
| 3 |
|
|
| aliases |
CVE-2026-34769, GHSA-9wfr-w7mm-pc7f
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3wxh-7cvs-g3et |
|
| 2 |
|
| 3 |
|
| 4 |
| url |
VCID-5w4g-q3st-m7hf |
| vulnerability_id |
VCID-5w4g-q3st-m7hf |
| summary |
Electron: Electron: Memory corruption and crash due to use-after-free in offscreen rendering |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:npm/electron@40.7.0 |
| purl |
pkg:npm/electron@40.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 4 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 5 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 6 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 7 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 8 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 9 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 10 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 11 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0 |
|
| 2 |
|
|
| aliases |
CVE-2026-34774, GHSA-532v-xpq5-8h95
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5w4g-q3st-m7hf |
|
| 5 |
| url |
VCID-6vad-u5vg-dba5 |
| vulnerability_id |
VCID-6vad-u5vg-dba5 |
| summary |
Electron: Electron: Unauthorized USB device access via select-usb-device event callback validation bypass |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:npm/electron@39.8.0 |
| purl |
pkg:npm/electron@39.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 4 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 5 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 6 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 7 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 8 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 9 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 10 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 11 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 12 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0 |
|
| 2 |
| url |
pkg:npm/electron@40.7.0 |
| purl |
pkg:npm/electron@40.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 4 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 5 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 6 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 7 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 8 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 9 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 10 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 11 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0 |
|
| 3 |
|
|
| aliases |
CVE-2026-34766, GHSA-9899-m83m-qhpj
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6vad-u5vg-dba5 |
|
| 6 |
| url |
VCID-df1y-n1s8-x3g4 |
| vulnerability_id |
VCID-df1y-n1s8-x3g4 |
| summary |
Electron: Electron: Use-after-free vulnerability leads to memory corruption or crash |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:npm/electron@39.8.0 |
| purl |
pkg:npm/electron@39.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 4 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 5 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 6 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 7 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 8 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 9 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 10 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 11 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 12 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0 |
|
| 2 |
| url |
pkg:npm/electron@40.7.0 |
| purl |
pkg:npm/electron@40.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 4 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 5 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 6 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 7 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 8 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 9 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 10 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 11 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0 |
|
| 3 |
| url |
pkg:npm/electron@41.0.0-beta.7 |
| purl |
pkg:npm/electron@41.0.0-beta.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2h5f-hwjw-77dp |
|
| 1 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 2 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 3 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 4 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 5 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 6 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 7 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 8 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 9 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 10 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 11 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 12 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 13 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 14 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 15 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 16 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.7 |
|
|
| aliases |
CVE-2026-34772, GHSA-9w97-2464-8783
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-df1y-n1s8-x3g4 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| url |
VCID-t1uc-59dn-j3gd |
| vulnerability_id |
VCID-t1uc-59dn-j3gd |
| summary |
Electron: Use-after-free in PowerMonitor on Windows and macOS
### Impact
Apps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.
All apps that access `powerMonitor` events (`suspend`, `resume`, `lock-screen`, etc.) are potentially affected. The issue is not directly renderer-controllable.
### Workarounds
There are no app-side workarounds; you must update to a patched version of Electron.
### Fixed Versions
* `41.0.0-beta.8`
* `40.8.0`
* `39.8.1`
* `38.8.6`
### For more information
If there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org) |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-34770, GHSA-jjp3-mq3x-295m
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t1uc-59dn-j3gd |
|
| 14 |
| url |
VCID-wfx6-9nh3-quar |
| vulnerability_id |
VCID-wfx6-9nh3-quar |
| summary |
Electron: AppleScript injection in app.moveToApplicationsFolder on macOS
### Impact
On macOS, `app.moveToApplicationsFolder()` used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt.
Apps are only affected if they call `app.moveToApplicationsFolder()`. Apps that do not use this API are not affected.
### Workarounds
There are no app-side workarounds; developers must update to a patched version of Electron.
### Fixed Versions
* `41.0.0-beta.8`
* `40.8.0`
* `39.8.1`
* `38.8.6`
### For more information
If there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org) |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-34779, GHSA-5rqw-r77c-jp79
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wfx6-9nh3-quar |
|
| 15 |
|
| 16 |
| url |
VCID-zzcf-uus6-rqa8 |
| vulnerability_id |
VCID-zzcf-uus6-rqa8 |
| summary |
electron: Electron: Memory corruption or application crash via use-after-free in permission request handling |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:npm/electron@39.8.0 |
| purl |
pkg:npm/electron@39.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 4 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 5 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 6 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 7 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 8 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 9 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 10 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 11 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 12 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0 |
|
| 2 |
| url |
pkg:npm/electron@40.7.0 |
| purl |
pkg:npm/electron@40.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 4 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 5 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 6 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 7 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 8 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 9 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 10 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 11 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0 |
|
| 3 |
|
|
| aliases |
CVE-2026-34771, GHSA-8337-3p73-46f4
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zzcf-uus6-rqa8 |
|