{"url":"http://public2.vulnerablecode.io/api/packages/103996?format=json","purl":"pkg:npm/electron@0.1.2","type":"npm","namespace":"","name":"electron","version":"0.1.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.33.5","latest_non_vulnerable_version":"42.0.0-alpha.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11857?format=json","vulnerability_id":"VCID-6mzu-jpf5-bqev","summary":"High severity vulnerability that affects electron\nUntrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000054","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000054"},{"reference_url":"http://jvn.jp/en/jp/JVN00324715/index.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN00324715/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1202","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18142","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1202"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scorin
g_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/commit/9a2e2b365d061ec10cd861391fd5b1344af7194d","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/commit/9a2e2b365d061ec10cd861391fd5b1344af7194d"},{"reference_url":"https://github.com/electron/electron/pull/2976","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/2976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1202","reference_id":"CVE-2016-1202","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1202"},{"reference_url":"https://github.com/advisories/GHSA-gvcj-pfq2-wxj7","reference_id":"GHSA-gvcj-pfq2-wxj7","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvcj-pfq2-wxj7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53529?format=json","purl":"pkg:npm/electron@0.33.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@0.33.5"},{"url":"http://public2.vulnerablecode.io/api/packages/104002?format=j
son","purl":"pkg:npm/electron@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qpmf-uyaf-r3d4"},{"vulnerability":"VCID-w4rm-6cgm-f3e7"},{"vulnerability":"VCID-yb5e-wsdt-xqdq"},{"vulnerability":"VCID-yxz1-cafx-7bdm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.3.1"}],"aliases":["CVE-2016-1202","GHSA-gvcj-pfq2-wxj7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mzu-jpf5-bqev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12673?format=json","vulnerability_id":"VCID-qpmf-uyaf-r3d4","summary":"Code Injection\nA remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16151","reference_id":"","reference_type":"","scores":[{"value":"0.02704","scoring_system":"epss","scoring_elements":"0.8615","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16151"},{"reference_url":"https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"},{"reference_url":"https://electronjs.org/blog/chromium-rce-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://electronjs.org/blog/chromium-rce-vulnerability"},{"reference_url":"https://www.npmjs.com/advisories/539","reference_id":"","reference_type":"","sco
res":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/539"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16151","reference_id":"CVE-2017-16151","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16151"},{"reference_url":"https://github.com/advisories/GHSA-4w88-rjj3-x7wp","reference_id":"GHSA-4w88-rjj3-x7wp","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4w88-rjj3-x7wp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53187?format=json","purl":"pkg:npm/electron@1.6.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qpmf-uyaf-r3d4"},{"vulnerability":"VCID-yb5e-wsdt-xqdq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.6.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53188?format=json","purl":"pkg:npm/electron@1.7.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pdz4-dhj4-d7fh"},{"vulnerability":"VCID-rf9p-9byw-fqa7"},{"vulnerability":"VCID-yb5e-wsdt-xqdq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.7.8"}],"aliases":["CVE-2017-16151","GHSA-4w88-rjj3-x7wp"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpmf-uyaf-r3d4"},{"url":"http://pub
lic2.vulnerablecode.io/api/vulnerabilities/11671?format=json","vulnerability_id":"VCID-w4rm-6cgm-f3e7","summary":"Chromium Remote Code Execution\nA remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the sandbox option is enabled.","references":[{"reference_url":"https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix","reference_id":"","reference_type":"","scores":[],"url":"https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53187?format=json","purl":"pkg:npm/electron@1.6.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qpmf-uyaf-r3d4"},{"vulnerability":"VCID-yb5e-wsdt-xqdq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.6.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53188?format=json","purl":"pkg:npm/electron@1.7.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pdz4-dhj4-d7fh"},{"vulnerability":"VCID-rf9p-9byw-fqa7"},{"vulnerability":"VCID-yb5e-wsdt-xqdq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.7.8"}],"aliases":["GMS-2017-249"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4rm-6cgm-f3e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12200?format=json","vulnerability_id":"VCID-yb5e-wsdt-xqdq","summary":"OS Command Injection\nGitHub Electron contains a Command Injection vulnerability in the Protocol Handler that can result in command execution. This issue is due to an incomplete fix for CVE-2018-1000006; specifically, the block list used was not case-insensitive, allowing an attacker to potentially bypass it.",
"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000118","reference_id":"","reference_type":"","scores":[{"value":"0.05222","scoring_system":"epss","scoring_elements":"0.90093","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000118"},{"reference_url":"https://electronjs.org/releases#1.8.2-beta.5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://electronjs.org/releases#1.8.2-beta.5"},{"reference_url":"https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000118","reference_id":"CVE-2018-1000118","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000118"},{"reference_url":"https://github.com/advisories/GHSA-fjqr-fx3f-g4rv","reference_id":"GHSA-fjqr-fx3f-g4rv","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fjqr-fx3f-g4rv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages
/73803?format=json","purl":"pkg:npm/electron@1.8.2-beta5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.8.2-beta5"},{"url":"http://public2.vulnerablecode.io/api/packages/53909?format=json","purl":"pkg:npm/electron@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pdz4-dhj4-d7fh"},{"vulnerability":"VCID-rf9p-9byw-fqa7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.8.2"}],"aliases":["CVE-2018-1000118","GHSA-fjqr-fx3f-g4rv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yb5e-wsdt-xqdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11483?format=json","vulnerability_id":"VCID-yxz1-cafx-7bdm","summary":"OS Command Injection\nRecent Electron versions do not have strict Same Origin Policy (SOP) enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's 
host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12581","reference_id":"","reference_type":"","scores":[{"value":"0.02336","scoring_system":"epss","scoring_elements":"0.85113","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12581"},{"reference_url":"https://blog.doyensec.com/2017/08/03/electron-framework-security.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.doyensec.com/2017/08/03/electron-framework-security.html"},{"reference_url":"https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/commit/05b6d91bf4c1e0ee65eeef70cd5d1bd1df125644","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/commit/05b6d91bf4c1e0ee65eeef70cd5d1bd1df125644"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017
-12581","reference_id":"CVE-2017-12581","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12581"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52829?format=json","purl":"pkg:npm/electron@1.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hx63-a2dc-e3ax"},{"vulnerability":"VCID-qpmf-uyaf-r3d4"},{"vulnerability":"VCID-w4rm-6cgm-f3e7"},{"vulnerability":"VCID-yb5e-wsdt-xqdq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.6.8"}],"aliases":["CVE-2017-12581","GHSA-7fv9-m79r-j9x8"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxz1-cafx-7bdm"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@0.1.2"}