VulnerableCode Package Details - pkg:npm/electron@39.8.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-7yvz-624p-m7fe Aliases: CVE-2026-34764 GHSA-8x5q-pvf5-64mp	Electron: Use-after-free in offscreen shared texture release() callback	39.8.5 Affected by 0 other vulnerabilities. 40.8.5 Affected by 0 other vulnerabilities. 41.1.0 Affected by 0 other vulnerabilities. 42.0.0-alpha.5 Affected by 0 other vulnerabilities.
VCID-rcpz-szwh-h7gk Aliases: CVE-2026-34765 GHSA-f3pv-wv63-48x8	Electron: Named window.open targets not scoped to the opener's browsing context	39.8.5 Affected by 0 other vulnerabilities. 40.8.5 Affected by 0 other vulnerabilities. 41.1.0 Affected by 0 other vulnerabilities. 42.0.0-alpha.5 Affected by 0 other vulnerabilities.
VCID-xrgp-tcyv-qka8 Aliases: CVE-2026-34781 GHSA-f37v-82c4-4x64	Electron: Crash in clipboard.readImage() on malformed clipboard image data	39.8.5 Affected by 0 other vulnerabilities. 40.8.5 Affected by 0 other vulnerabilities. 41.1.0 Affected by 0 other vulnerabilities. 42.0.0-alpha.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7yvz-624p-m7fe
Aliases:
CVE-2026-34764
GHSA-8x5q-pvf5-64mp

Electron: Use-after-free in offscreen shared texture release() callback

39.8.5
Affected by 0 other vulnerabilities.

40.8.5
Affected by 0 other vulnerabilities.

41.1.0
Affected by 0 other vulnerabilities.

42.0.0-alpha.5
Affected by 0 other vulnerabilities.

VCID-rcpz-szwh-h7gk
Aliases:
CVE-2026-34765
GHSA-f3pv-wv63-48x8

Electron: Named window.open targets not scoped to the opener's browsing context

39.8.5
Affected by 0 other vulnerabilities.

40.8.5
Affected by 0 other vulnerabilities.

41.1.0
Affected by 0 other vulnerabilities.

42.0.0-alpha.5
Affected by 0 other vulnerabilities.

VCID-xrgp-tcyv-qka8
Aliases:
CVE-2026-34781
GHSA-f37v-82c4-4x64

Electron: Crash in clipboard.readImage() on malformed clipboard image data

39.8.5
Affected by 0 other vulnerabilities.

40.8.5
Affected by 0 other vulnerabilities.

41.1.0
Affected by 0 other vulnerabilities.

42.0.0-alpha.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-cjzy-nxnq-ffdp	Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes ### Impact The `nodeIntegrationInWorker` webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with `nodeIntegrationInWorker: false` could still receive Node.js integration. Apps are only affected if they enable `nodeIntegrationInWorker`. Apps that do not use `nodeIntegrationInWorker` are not affected. ### Workarounds Avoid enabling `nodeIntegrationInWorker` in apps that also open child windows or embed content with differing webPreferences. ### Fixed Versions * `41.0.0` * `40.8.4` * `39.8.4` * `38.8.6` ### For more information If there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)	CVE-2026-34775 GHSA-xwr5-m59h-vwqr

Vulnerability

Summary

Aliases

VCID-cjzy-nxnq-ffdp

Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes ### Impact The `nodeIntegrationInWorker` webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with `nodeIntegrationInWorker: false` could still receive Node.js integration. Apps are only affected if they enable `nodeIntegrationInWorker`. Apps that do not use `nodeIntegrationInWorker` are not affected. ### Workarounds Avoid enabling `nodeIntegrationInWorker` in apps that also open child windows or embed content with differing webPreferences. ### Fixed Versions * `41.0.0` * `40.8.4` * `39.8.4` * `38.8.6` ### For more information If there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)

CVE-2026-34775
GHSA-xwr5-m59h-vwqr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-08T15:25:52.144140+00:00	GitLab Importer	Affected by	VCID-xrgp-tcyv-qka8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/electron/CVE-2026-34781.yml	38.6.0
2026-05-08T15:25:15.622132+00:00	GitLab Importer	Affected by	VCID-rcpz-szwh-h7gk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/electron/CVE-2026-34765.yml	38.6.0
2026-05-06T16:48:57.305303+00:00	GitLab Importer	Affected by	VCID-7yvz-624p-m7fe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/electron/CVE-2026-34764.yml	38.6.0
2026-05-05T12:40:50.734467+00:00	GitLab Importer	Fixing	VCID-cjzy-nxnq-ffdp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/electron/CVE-2026-34775.yml	38.6.0
2026-04-04T14:32:50.903609+00:00	GHSA Importer	Fixing	VCID-cjzy-nxnq-ffdp	https://github.com/advisories/GHSA-xwr5-m59h-vwqr	38.1.0
2026-04-03T21:42:20.131136+00:00	GithubOSV Importer	Fixing	VCID-cjzy-nxnq-ffdp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-xwr5-m59h-vwqr/GHSA-xwr5-m59h-vwqr.json	38.1.0