Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-rcpz-szwh-h7gk |
|---|
| Summary | Electron: Named window.open targets not scoped to the opener's browsing context |
|---|
| Aliases |
| 0 |
|
| 1 |
| alias |
GHSA-f3pv-wv63-48x8 |
|
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
| 0 |
| url |
pkg:npm/electron@40.0.0-alpha.1 |
| purl |
pkg:npm/electron@40.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2uv6-6zfm-x7c6 |
|
| 1 |
| vulnerability |
VCID-7yvz-624p-m7fe |
|
| 2 |
| vulnerability |
VCID-bh69-2dsz-2qbf |
|
| 3 |
| vulnerability |
VCID-cjzy-nxnq-ffdp |
|
| 4 |
| vulnerability |
VCID-erya-bqnr-1qht |
|
| 5 |
| vulnerability |
VCID-gxk8-9wc6-wkhs |
|
| 6 |
| vulnerability |
VCID-hynm-7wty-ruhq |
|
| 7 |
| vulnerability |
VCID-k7gj-cczw-wfeb |
|
| 8 |
| vulnerability |
VCID-ktbs-t8kb-5kch |
|
| 9 |
| vulnerability |
VCID-phbq-fatc-mbh2 |
|
| 10 |
| vulnerability |
VCID-r7j1-66md-zkak |
|
| 11 |
| vulnerability |
VCID-rcpz-szwh-h7gk |
|
| 12 |
| vulnerability |
VCID-t1z9-bmnv-57bm |
|
| 13 |
| vulnerability |
VCID-ttvv-eca2-sfhu |
|
| 14 |
| vulnerability |
VCID-uwqv-4aqn-87fd |
|
| 15 |
| vulnerability |
VCID-vda9-xbsz-d7fm |
|
| 16 |
| vulnerability |
VCID-vp7h-hm4e-quaj |
|
| 17 |
| vulnerability |
VCID-xrgp-tcyv-qka8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.0.0-alpha.1 |
|
| 1 |
| url |
pkg:npm/electron@41.0.0-alpha.1 |
| purl |
pkg:npm/electron@41.0.0-alpha.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2uv6-6zfm-x7c6 |
|
| 1 |
| vulnerability |
VCID-7yvz-624p-m7fe |
|
| 2 |
| vulnerability |
VCID-bh69-2dsz-2qbf |
|
| 3 |
| vulnerability |
VCID-cjzy-nxnq-ffdp |
|
| 4 |
| vulnerability |
VCID-erya-bqnr-1qht |
|
| 5 |
| vulnerability |
VCID-gxk8-9wc6-wkhs |
|
| 6 |
| vulnerability |
VCID-hynm-7wty-ruhq |
|
| 7 |
| vulnerability |
VCID-k7gj-cczw-wfeb |
|
| 8 |
| vulnerability |
VCID-ktbs-t8kb-5kch |
|
| 9 |
| vulnerability |
VCID-phbq-fatc-mbh2 |
|
| 10 |
| vulnerability |
VCID-r7j1-66md-zkak |
|
| 11 |
| vulnerability |
VCID-rcpz-szwh-h7gk |
|
| 12 |
| vulnerability |
VCID-t1z9-bmnv-57bm |
|
| 13 |
| vulnerability |
VCID-ttvv-eca2-sfhu |
|
| 14 |
| vulnerability |
VCID-uwqv-4aqn-87fd |
|
| 15 |
| vulnerability |
VCID-vda9-xbsz-d7fm |
|
| 16 |
| vulnerability |
VCID-vp7h-hm4e-quaj |
|
| 17 |
| vulnerability |
VCID-xrgp-tcyv-qka8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-alpha.1 |
|
| 2 |
|
|
|---|
| References |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34765 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06164 |
| published_at |
2026-05-05T12:55:00Z |
|
| 1 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06084 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06105 |
| published_at |
2026-04-24T12:55:00Z |
|
| 3 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06135 |
| published_at |
2026-04-26T12:55:00Z |
|
| 4 |
| value |
0.00022 |
| scoring_system |
epss |
| scoring_elements |
0.06142 |
| published_at |
2026-04-29T12:55:00Z |
|
| 5 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.15993 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.15933 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.15971 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00051 |
| scoring_system |
epss |
| scoring_elements |
0.1593 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.17888 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.1784 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00057 |
| scoring_system |
epss |
| scoring_elements |
0.1783 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34765 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8 |
| reference_id |
GHSA-f3pv-wv63-48x8 |
| reference_type |
|
| scores |
| 0 |
| value |
6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L |
|
| 2 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T14:30:47Z/ |
|
| 5 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:10Z/ |
|
|
| url |
https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8 |
|
|
|---|
| Weaknesses |
| 0 |
| cwe_id |
668 |
| name |
Exposure of Resource to Wrong Sphere |
| description |
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
|
| 1 |
| cwe_id |
653 |
| name |
Improper Isolation or Compartmentalization |
| description |
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. |
|
|
|---|
| Exploits |
|
|---|
| Severity_range_score | 4.0 - 7.1 |
|---|
| Exploitability | 0.5 |
|---|
| Weighted_severity | 6.4 |
|---|
| Risk_score | 3.2 |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-rcpz-szwh-h7gk |
|---|