Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/264234?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/264234?format=api", "purl": "pkg:npm/electron@10.3.2", "type": "npm", "namespace": "", "name": "electron", "version": "10.3.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "35.7.5", "latest_non_vulnerable_version": "42.0.0-alpha.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20059?format=api", "vulnerability_id": "VCID-7eu1-94qk-nuar", "summary": "ASAR Integrity bypass via filetype confusion in electron\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29749", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30051", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30111", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30147", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3015", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30108", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30058", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30071", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3005", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30004", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29932", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29816", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30183", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44402" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/39788", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39788" }, { "reference_url": "https://www.electronjs.org/docs/latest/tutorial/fuses", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.electronjs.org/docs/latest/tutorial/fuses" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44402", "reference_id": "CVE-2023-44402", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44402" }, { "reference_url": "https://github.com/advisories/GHSA-7m48-wc93-9g85", "reference_id": "GHSA-7m48-wc93-9g85", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7m48-wc93-9g85" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85", "reference_id": "GHSA-7m48-wc93-9g85", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59924?format=api", "purl": "pkg:npm/electron@22.3.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/59925?format=api", "purl": "pkg:npm/electron@24.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/59926?format=api", "purl": "pkg:npm/electron@25.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/59928?format=api", "purl": "pkg:npm/electron@26.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/61460?format=api", "purl": "pkg:npm/electron@27.0.0-alpha.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/59922?format=api", "purl": "pkg:npm/electron@27.0.0-beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-vdzj-kqfy-d3b7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1" } ], "aliases": [ "CVE-2023-44402", "GHSA-7m48-wc93-9g85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7eu1-94qk-nuar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18956?format=api", "vulnerability_id": "VCID-a795-r67e-p3ck", "summary": "Improper Check for Unusual or Exceptional Conditions\nElectron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35398", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.34921", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35013", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35034", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35268", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.3528", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35319", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35331", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35293", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35373", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35315", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35352", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.3535", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29198" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29198" }, { "reference_url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/" } ], "url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support" }, { "reference_url": "https://github.com/advisories/GHSA-p7v2-p9m8-qqg7", "reference_id": "GHSA-p7v2-p9m8-qqg7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p7v2-p9m8-qqg7" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7", "reference_id": "GHSA-p7v2-p9m8-qqg7", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59789?format=api", "purl": "pkg:npm/electron@22.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-vdzj-kqfy-d3b7" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/59790?format=api", "purl": "pkg:npm/electron@23.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/59791?format=api", "purl": "pkg:npm/electron@24.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/576145?format=api", "purl": "pkg:npm/electron@24.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-vdzj-kqfy-d3b7" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/59792?format=api", "purl": "pkg:npm/electron@25.0.0-alpha.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.2" } ], "aliases": [ "CVE-2023-29198", "GHSA-p7v2-p9m8-qqg7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a795-r67e-p3ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53587?format=api", "vulnerability_id": "VCID-a84t-cjcb-tqcw", "summary": "Exfiltration of hashed SMB credentials on Windows via file:// redirect\n### Impact\nWhen following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.\n\n### Patches\nThis issue has been fixed in all current stable versions of Electron. Specifically, these versions contain the fixes:\n\n- 21.0.0-beta.1\n- 20.0.1\n- 19.0.11\n- 18.3.7\n\nWe recommend all apps upgrade to the latest stable version of Electron.\n\n### Workarounds\nIf upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents:\n\n```js\napp.on('web-contents-created', (e, webContents) => {\n webContents.on('will-redirect', (e, url) => {\n if (/^file:/.test(url)) e.preventDefault()\n })\n})\n```\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).\n\n### Credit\nThanks to user @coolcoolnoworries for reporting this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36077.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.24921", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25101", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2516", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25118", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25076", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25067", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25039", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.24977", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.24966", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2522", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25032", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36077" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:49:23Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36077", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36077" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141029", "reference_id": "2141029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141029" }, { "reference_url": "https://github.com/advisories/GHSA-p2jh-44qj-pf2v", "reference_id": "GHSA-p2jh-44qj-pf2v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p2jh-44qj-pf2v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81162?format=api", "purl": "pkg:npm/electron@18.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/81164?format=api", "purl": "pkg:npm/electron@19.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" }, { "vulnerability": "VCID-z97r-xfv6-47e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@19.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/81163?format=api", "purl": "pkg:npm/electron@20.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@20.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/340522?format=api", "purl": "pkg:npm/electron@21.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@21.0.1" } ], "aliases": [ "CVE-2022-36077", "GHSA-p2jh-44qj-pf2v" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a84t-cjcb-tqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11387?format=api", "vulnerability_id": "VCID-cxz5-nf3y-zufn", "summary": "Exposure of Resource to Wrong Sphere\nElectron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability allows a sandboxed renderer to request a `thumbnail` image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58569", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58582", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58552", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58604", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58626", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58607", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58587", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.5862", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58625", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58602", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58571", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58584", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58476", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58561", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39184" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/30728", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/30728" }, { "reference_url": "https://github.com/electron/electron/pull/30728/commits/8fed645bd671f359ee52d806c075ec4e07eda17f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/30728/commits/8fed645bd671f359ee52d806c075ec4e07eda17f" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39184", "reference_id": "CVE-2021-39184", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39184" }, { "reference_url": "https://github.com/advisories/GHSA-mpjm-v997-c4h4", "reference_id": "GHSA-mpjm-v997-c4h4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mpjm-v997-c4h4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40968?format=api", "purl": "pkg:npm/electron@11.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-p167-yf3n-6qd5" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" }, { "vulnerability": "VCID-xys1-xe1s-jqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@11.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/40970?format=api", "purl": "pkg:npm/electron@12.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-p167-yf3n-6qd5" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" }, { "vulnerability": "VCID-xys1-xe1s-jqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@12.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/40971?format=api", "purl": "pkg:npm/electron@13.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-p167-yf3n-6qd5" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" }, { "vulnerability": "VCID-xys1-xe1s-jqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@13.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/40972?format=api", "purl": "pkg:npm/electron@15.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-p167-yf3n-6qd5" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" }, { "vulnerability": "VCID-xys1-xe1s-jqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.1.0" } ], "aliases": [ "CVE-2021-39184", "GHSA-mpjm-v997-c4h4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cxz5-nf3y-zufn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19209?format=api", "vulnerability_id": "VCID-f81v-9fv8-93cd", "summary": "Out-of-bounds Write\nHeap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87744", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87745", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87731", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87733", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.8774", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87722", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03573", "scoring_system": "epss", "scoring_elements": "0.87728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04175", "scoring_system": "epss", "scoring_elements": "0.88729", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04175", "scoring_system": "epss", "scoring_elements": "0.88708", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04175", "scoring_system": "epss", "scoring_elements": "0.88723", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04175", "scoring_system": "epss", "scoring_elements": "0.88728", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.049", "scoring_system": "epss", "scoring_elements": "0.89576", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.049", "scoring_system": "epss", "scoring_elements": "0.89562", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191" }, { "reference_url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" }, { "reference_url": "https://crbug.com/1486441", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://crbug.com/1486441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/12" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/16" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/40022", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40022" }, { "reference_url": "https://github.com/electron/electron/pull/40023", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40023" }, { "reference_url": "https://github.com/electron/electron/pull/40024", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40024" }, { "reference_url": "https://github.com/electron/electron/pull/40025", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40025" }, { "reference_url": "https://github.com/electron/electron/pull/40026", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40026" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v22.3.25", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v22.3.25" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v24.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v24.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v25.8.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v25.8.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v26.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v26.2.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "reference_url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1" }, { "reference_url": "https://github.com/webmproject/libvpx/tags", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/tags" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" }, { "reference_url": "https://pastebin.com/TdkC4pDv", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://pastebin.com/TdkC4pDv" }, { "reference_url": "https://security.gentoo.org/glsa/202310-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202310-04" }, { "reference_url": "https://security.gentoo.org/glsa/202401-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202401-34" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/" }, { "reference_url": "https://support.apple.com/kb/HT213961", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213961" }, { "reference_url": "https://support.apple.com/kb/HT213972", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213972" }, { "reference_url": "https://twitter.com/maddiestone/status/1707163313711497266", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://twitter.com/maddiestone/status/1707163313711497266" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5508", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5508" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5509", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5509" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5510", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5510" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/9" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/03/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/11" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182", "reference_id": "1053182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/", "reference_id": "AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217" }, { "reference_url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g", "reference_id": "GHSA-qqvq-6xgj-jw8g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5426", "reference_id": "RHSA-2023:5426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5427", "reference_id": "RHSA-2023:5427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5428", "reference_id": "RHSA-2023:5428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5429", "reference_id": "RHSA-2023:5429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5430", "reference_id": "RHSA-2023:5430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5432", "reference_id": "RHSA-2023:5432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5433", "reference_id": "RHSA-2023:5433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5434", "reference_id": "RHSA-2023:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5435", "reference_id": "RHSA-2023:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5436", "reference_id": "RHSA-2023:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5437", "reference_id": "RHSA-2023:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5438", "reference_id": "RHSA-2023:5438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5439", "reference_id": "RHSA-2023:5439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5440", "reference_id": "RHSA-2023:5440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5475", "reference_id": "RHSA-2023:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5477", "reference_id": "RHSA-2023:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5534", "reference_id": "RHSA-2023:5534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5535", "reference_id": "RHSA-2023:5535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5536", "reference_id": "RHSA-2023:5536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5537", "reference_id": "RHSA-2023:5537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5538", "reference_id": "RHSA-2023:5538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5539", "reference_id": "RHSA-2023:5539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5540", "reference_id": "RHSA-2023:5540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5540" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/", "reference_id": "TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/" }, { "reference_url": "https://usn.ubuntu.com/6403-1/", "reference_id": "USN-6403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-1/" }, { "reference_url": "https://usn.ubuntu.com/6403-2/", "reference_id": "USN-6403-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-2/" }, { "reference_url": "https://usn.ubuntu.com/6403-3/", "reference_id": "USN-6403-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-3/" }, { "reference_url": "https://usn.ubuntu.com/6404-1/", "reference_id": "USN-6404-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6404-1/" }, { "reference_url": "https://usn.ubuntu.com/6405-1/", "reference_id": "USN-6405-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6405-1/" }, { "reference_url": "https://usn.ubuntu.com/7172-1/", "reference_id": "USN-7172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60242?format=api", "purl": "pkg:npm/electron@22.3.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/59748?format=api", "purl": "pkg:npm/electron@23.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-e5ej-zf6n-suf5" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60243?format=api", "purl": "pkg:npm/electron@24.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/59752?format=api", "purl": "pkg:npm/electron@25.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60244?format=api", "purl": "pkg:npm/electron@25.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/59753?format=api", "purl": "pkg:npm/electron@26.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/60245?format=api", "purl": "pkg:npm/electron@26.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/60246?format=api", "purl": "pkg:npm/electron@27.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.8" } ], "aliases": [ "CVE-2023-5217", "GHSA-qqvq-6xgj-jw8g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f81v-9fv8-93cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30106?format=api", "vulnerability_id": "VCID-j7d6-zp3s-67fq", "summary": "Electron vulnerable to Heap Buffer Overflow in NativeImage\n### Impact\nThe `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.\n\n### Workaround\nThere are no app-side workarounds for this issue. You must update your Electron version to be protected.\n\n### Patches\n\n- `v28.3.2`\n- `v29.3.3`\n- `v30.0.3`\n\n### For More Information\n\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07845", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07806", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07839", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07882", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0773", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07744", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0783", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07844", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07785", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07831", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07865", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07788", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22228", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46993" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46993", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46993" }, { "reference_url": "https://github.com/advisories/GHSA-6r2x-8pq8-9489", "reference_id": "GHSA-6r2x-8pq8-9489", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6r2x-8pq8-9489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70896?format=api", "purl": "pkg:npm/electron@28.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/70897?format=api", "purl": "pkg:npm/electron@29.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/70898?format=api", "purl": "pkg:npm/electron@30.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fuwj-56jp-tyds" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3" } ], "aliases": [ "CVE-2024-46993", "GHSA-6r2x-8pq8-9489" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7d6-zp3s-67fq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54049?format=api", "vulnerability_id": "VCID-nx5d-r4jc-77df", "summary": "Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled\n### Impact\nThis vulnerability allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`.\n\nPlease note the misleadingly named `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access rather it depends on the existing `sandbox` setting. If your application is sandboxed then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs (which includes `ipcRenderer`).\n\nIf your application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n\n* `18.0.0-beta.6`\n* `17.2.0`\n* `16.2.6`\n* `15.5.5`\n\n### Workarounds\nEnsure that all IPC message handlers appropriately validate `senderFrame` as per our [security tutorial here](https://github.com/electron/electron/blob/main/docs/tutorial/security.md#17-validate-the-sender-of-all-ipc-messages).\n\n### For more information\n\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74188", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74094", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74109", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.7413", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74113", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74106", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74145", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74154", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74144", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.7418", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74064", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.7409", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00803", "scoring_system": "epss", "scoring_elements": "0.74062", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29247" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:29Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29247", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29247" }, { "reference_url": "https://github.com/advisories/GHSA-mq8j-3h7h-p8g7", "reference_id": "GHSA-mq8j-3h7h-p8g7", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mq8j-3h7h-p8g7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81504?format=api", "purl": "pkg:npm/electron@15.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/81505?format=api", "purl": "pkg:npm/electron@16.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/81506?format=api", "purl": "pkg:npm/electron@17.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81507?format=api", "purl": "pkg:npm/electron@18.0.0-beta.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0-beta.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/340493?format=api", "purl": "pkg:npm/electron@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0" } ], "aliases": [ "CVE-2022-29247", "GHSA-mq8j-3h7h-p8g7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nx5d-r4jc-77df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54182?format=api", "vulnerability_id": "VCID-p167-yf3n-6qd5", "summary": "AutoUpdater module fails to validate certain nested components of the bundle\n### Impact\nThis vulnerability allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.\n\nPlease note that this kind of attack would require **significant** privileges in your own auto updating infrastructure and the ease of that attack entirely depends on your infrastructure security.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n\n* `18.0.0-beta.6`\n* `17.2.0`\n* `16.2.0`\n* `15.5.0`\n\n### Workarounds\nThere are no workarounds for this issue, please update to a patched version of Electron.\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63738", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63699", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63716", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63731", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63682", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63718", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63727", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63711", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63729", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63742", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63662", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63688", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63647", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29257" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:31Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29257", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29257" }, { "reference_url": "https://github.com/advisories/GHSA-77xc-hjv8-ww97", "reference_id": "GHSA-77xc-hjv8-ww97", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77xc-hjv8-ww97" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81610?format=api", "purl": "pkg:npm/electron@15.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81611?format=api", "purl": "pkg:npm/electron@16.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81506?format=api", "purl": "pkg:npm/electron@17.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81507?format=api", "purl": "pkg:npm/electron@18.0.0-beta.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0-beta.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/340493?format=api", "purl": "pkg:npm/electron@18.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0" } ], "aliases": [ "CVE-2022-29257", "GHSA-77xc-hjv8-ww97" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p167-yf3n-6qd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25726?format=api", "vulnerability_id": "VCID-qd52-rbd7-qkbn", "summary": "Electron has ASAR Integrity Bypass via resource modification\n### Impact\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `38.0.0-beta.6`\n* `37.3.1`\n* `36.8.1`\n* `35.7.5`\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55305", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00389", "published_at": "2026-04-29T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00393", "published_at": "2026-04-26T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00369", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00365", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0037", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00392", "published_at": "2026-04-24T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00377", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0038", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00372", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55305" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b" }, { "reference_url": "https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1" }, { "reference_url": "https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d" }, { "reference_url": "https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee" }, { "reference_url": "https://github.com/electron/electron/pull/48101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48101" }, { "reference_url": "https://github.com/electron/electron/pull/48102", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48102" }, { "reference_url": "https://github.com/electron/electron/pull/48103", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48103" }, { "reference_url": "https://github.com/electron/electron/pull/48104", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48104" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55305", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55305" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393398", "reference_id": "2393398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393398" }, { "reference_url": "https://github.com/advisories/GHSA-vmqv-hx8q-j7mg", "reference_id": "GHSA-vmqv-hx8q-j7mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vmqv-hx8q-j7mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68977?format=api", "purl": "pkg:npm/electron@35.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/68978?format=api", "purl": "pkg:npm/electron@36.8.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/68979?format=api", "purl": "pkg:npm/electron@37.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/68980?format=api", "purl": "pkg:npm/electron@38.0.0-beta.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6" } ], "aliases": [ "CVE-2025-55305", "GHSA-vmqv-hx8q-j7mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qd52-rbd7-qkbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18912?format=api", "vulnerability_id": "VCID-w7f7-5frp-n3br", "summary": "Improper Control of Generation of Code ('Code Injection')\nElectron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07579", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07661", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07662", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07649", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07635", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07559", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07548", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07687", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07637", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07615", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07567", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07584", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07643", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39956" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39956", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39956" }, { "reference_url": "https://github.com/advisories/GHSA-7x97-j373-85x5", "reference_id": "GHSA-7x97-j373-85x5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7x97-j373-85x5" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5", "reference_id": "GHSA-7x97-j373-85x5", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:20Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59754?format=api", "purl": "pkg:npm/electron@22.3.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/576213?format=api", "purl": "pkg:npm/electron@22.3.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-vdzj-kqfy-d3b7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/59755?format=api", "purl": "pkg:npm/electron@23.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/59756?format=api", "purl": "pkg:npm/electron@24.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-vdzj-kqfy-d3b7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/59757?format=api", "purl": "pkg:npm/electron@25.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-vdzj-kqfy-d3b7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/59758?format=api", "purl": "pkg:npm/electron@26.0.0-beta.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/59921?format=api", "purl": "pkg:npm/electron@26.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-vdzj-kqfy-d3b7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0" } ], "aliases": [ "CVE-2023-39956", "GHSA-7x97-j373-85x5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7f7-5frp-n3br" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13484?format=api", "vulnerability_id": "VCID-xys1-xe1s-jqha", "summary": "Exposure of Resource to Wrong Sphere\nElectron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74933", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74839", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74813", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74845", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74859", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74883", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74853", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74889", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74896", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74887", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74923", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74929", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00848", "scoring_system": "epss", "scoring_elements": "0.74811", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21718" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/32178", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/32178" }, { "reference_url": "https://github.com/electron/electron/pull/32240", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/32240" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21718", "reference_id": "CVE-2022-21718", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21718" }, { "reference_url": "https://github.com/advisories/GHSA-3p22-ghq8-v749", "reference_id": "GHSA-3p22-ghq8-v749", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3p22-ghq8-v749" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749", "reference_id": "GHSA-3p22-ghq8-v749", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48080?format=api", "purl": "pkg:npm/electron@13.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-p167-yf3n-6qd5" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@13.6.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/48081?format=api", "purl": "pkg:npm/electron@14.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-p167-yf3n-6qd5" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@14.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/48082?format=api", "purl": "pkg:npm/electron@15.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-p167-yf3n-6qd5" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/48083?format=api", "purl": "pkg:npm/electron@16.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-p167-yf3n-6qd5" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/80949?format=api", "purl": "pkg:npm/electron@17.0.0-alpha.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.0.0-alpha.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/48084?format=api", "purl": "pkg:npm/electron@17.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7eu1-94qk-nuar" }, { "vulnerability": "VCID-a795-r67e-p3ck" }, { "vulnerability": "VCID-a84t-cjcb-tqcw" }, { "vulnerability": "VCID-f81v-9fv8-93cd" }, { "vulnerability": "VCID-j7d6-zp3s-67fq" }, { "vulnerability": "VCID-nx5d-r4jc-77df" }, { "vulnerability": "VCID-p167-yf3n-6qd5" }, { "vulnerability": "VCID-qd52-rbd7-qkbn" }, { "vulnerability": "VCID-w7f7-5frp-n3br" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.0.1" } ], "aliases": [ "CVE-2022-21718", "GHSA-3p22-ghq8-v749" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xys1-xe1s-jqha" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@10.3.2" }