Search for packages
| purl | pkg:npm/electerm@3.9.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-bsue-h9tr-2bbc | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0. |
CVE-2026-45353
GHSA-7p5m-v798-f8vv |
| VCID-tky5-4uvt-9ucd | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5. |
CVE-2026-45787
GHSA-g29v-q6h7-76wh |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T21:02:56.030907+00:00 | GitLab Importer | Fixing | VCID-tky5-4uvt-9ucd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/electerm/CVE-2026-45787.yml | 38.6.0 |
| 2026-06-13T21:01:48.861152+00:00 | GitLab Importer | Fixing | VCID-bsue-h9tr-2bbc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/electerm/CVE-2026-45353.yml | 38.6.0 |
| 2026-06-13T06:30:25.374223+00:00 | GHSA Importer | Fixing | VCID-tky5-4uvt-9ucd | https://github.com/advisories/GHSA-g29v-q6h7-76wh | 38.6.0 |
| 2026-06-12T07:51:32.186201+00:00 | GithubOSV Importer | Fixing | VCID-tky5-4uvt-9ucd | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-g29v-q6h7-76wh/GHSA-g29v-q6h7-76wh.json | 38.6.0 |