{"url":"http://public2.vulnerablecode.io/api/packages/264234?format=json","purl":"pkg:npm/electron@10.3.2","type":"npm","namespace":"","name":"electron","version":"10.3.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"35.7.5","latest_non_vulnerable_version":"42.0.0-alpha.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20059?format=json","vulnerability_id":"VCID-7eu1-94qk-nuar","summary":"ASAR Integrity bypass via filetype confusion in electron\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.  Apps without these fuses enabled are not impacted.  This issue is specific to macOS as these fuses are only currently supported on macOS.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too.  i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44402","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29749","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30232","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30051","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30111","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30147","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30108","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30058","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30071","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3005","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30004","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29816","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30183","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44402"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/39788","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/39788"},{"reference_url":"https://www.electronjs.org/docs/latest/tutorial/fuses","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.electronjs.org/docs/latest/tutorial/fuses"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44402","reference_id":"CVE-2023-44402","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44402"},{"reference_url":"https://github.com/advisories/GHSA-7m48-wc93-9g85","reference_id":"GHSA-7m48-wc93-9g85","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7m48-wc93-9g85"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85","reference_id":"GHSA-7m48-wc93-9g85","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59924?format=json","purl":"pkg:npm/electron@22.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.24"},{"url":"http://public2.vulnerablecode.io/api/packages/59925?format=json","purl":"pkg:npm/electron@24.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/59926?format=json","purl":"pkg:npm/electron@25.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/59928?format=json","purl":"pkg:npm/electron@26.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/61460?format=json","purl":"pkg:npm/electron@27.0.0-alpha.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7"},{"url":"http://public2.vulnerablecode.io/api/packages/59922?format=json","purl":"pkg:npm/electron@27.0.0-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1"}],"aliases":["CVE-2023-44402","GHSA-7m48-wc93-9g85"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7eu1-94qk-nuar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18956?format=json","vulnerability_id":"VCID-a795-r67e-p3ck","summary":"Improper Check for Unusual or Exceptional Conditions\nElectron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29198","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35398","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34921","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35013","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35034","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35268","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3528","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35319","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35331","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35293","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35373","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35315","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35352","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3535","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29198"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29198","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29198"},{"reference_url":"https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/"}],"url":"https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"},{"reference_url":"https://github.com/advisories/GHSA-p7v2-p9m8-qqg7","reference_id":"GHSA-p7v2-p9m8-qqg7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p7v2-p9m8-qqg7"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7","reference_id":"GHSA-p7v2-p9m8-qqg7","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59789?format=json","purl":"pkg:npm/electron@22.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/59790?format=json","purl":"pkg:npm/electron@23.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/59791?format=json","purl":"pkg:npm/electron@24.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/576145?format=json","purl":"pkg:npm/electron@24.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/59792?format=json","purl":"pkg:npm/electron@25.0.0-alpha.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.2"}],"aliases":["CVE-2023-29198","GHSA-p7v2-p9m8-qqg7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a795-r67e-p3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53587?format=json","vulnerability_id":"VCID-a84t-cjcb-tqcw","summary":"Exfiltration of hashed SMB credentials on Windows via file:// redirect\n### Impact\nWhen following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.\n\n### Patches\nThis issue has been fixed in all current stable versions of Electron. Specifically, these versions contain the fixes:\n\n- 21.0.0-beta.1\n- 20.0.1\n- 19.0.11\n- 18.3.7\n\nWe recommend all apps upgrade to the latest stable version of Electron.\n\n### Workarounds\nIf upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents:\n\n```js\napp.on('web-contents-created', (e, webContents) => {\n  webContents.on('will-redirect', (e, url) => {\n    if (/^file:/.test(url)) e.preventDefault()\n  })\n})\n```\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).\n\n### Credit\nThanks to user @coolcoolnoworries for reporting this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36077.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36077","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24921","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25101","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2516","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25118","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25067","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25039","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24977","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24966","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2522","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25032","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36077"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:49:23Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36077","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141029","reference_id":"2141029","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141029"},{"reference_url":"https://github.com/advisories/GHSA-p2jh-44qj-pf2v","reference_id":"GHSA-p2jh-44qj-pf2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p2jh-44qj-pf2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81162?format=json","purl":"pkg:npm/electron@18.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/81164?format=json","purl":"pkg:npm/electron@19.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"},{"vulnerability":"VCID-z97r-xfv6-47e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@19.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/81163?format=json","purl":"pkg:npm/electron@20.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@20.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/340522?format=json","purl":"pkg:npm/electron@21.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@21.0.1"}],"aliases":["CVE-2022-36077","GHSA-p2jh-44qj-pf2v"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a84t-cjcb-tqcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11387?format=json","vulnerability_id":"VCID-cxz5-nf3y-zufn","summary":"Exposure of Resource to Wrong Sphere\nElectron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability allows a sandboxed renderer to request a `thumbnail` image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39184","reference_id":"","reference_type":"","scores":[{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58569","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58582","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58552","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58604","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.5861","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58626","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58607","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58587","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.5862","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58625","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58602","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58571","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58584","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58476","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58561","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39184"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/30728","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/30728"},{"reference_url":"https://github.com/electron/electron/pull/30728/commits/8fed645bd671f359ee52d806c075ec4e07eda17f","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/30728/commits/8fed645bd671f359ee52d806c075ec4e07eda17f"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39184","reference_id":"CVE-2021-39184","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39184"},{"reference_url":"https://github.com/advisories/GHSA-mpjm-v997-c4h4","reference_id":"GHSA-mpjm-v997-c4h4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpjm-v997-c4h4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40968?format=json","purl":"pkg:npm/electron@11.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-p167-yf3n-6qd5"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"},{"vulnerability":"VCID-xys1-xe1s-jqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@11.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40970?format=json","purl":"pkg:npm/electron@12.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-p167-yf3n-6qd5"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"},{"vulnerability":"VCID-xys1-xe1s-jqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@12.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40971?format=json","purl":"pkg:npm/electron@13.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-p167-yf3n-6qd5"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"},{"vulnerability":"VCID-xys1-xe1s-jqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@13.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40972?format=json","purl":"pkg:npm/electron@15.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-p167-yf3n-6qd5"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"},{"vulnerability":"VCID-xys1-xe1s-jqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.1.0"}],"aliases":["CVE-2021-39184","GHSA-mpjm-v997-c4h4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cxz5-nf3y-zufn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19209?format=json","vulnerability_id":"VCID-f81v-9fv8-93cd","summary":"Out-of-bounds Write\nHeap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5217","reference_id":"","reference_type":"","scores":[{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87744","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87745","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87731","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87733","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.8774","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87722","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87728","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88729","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88723","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88728","published_at":"2026-04-29T12:55:00Z"},{"value":"0.049","scoring_system":"epss","scoring_elements":"0.89576","published_at":"2026-04-07T12:55:00Z"},{"value":"0.049","scoring_system":"epss","scoring_elements":"0.89562","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5217"},{"reference_url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software"},{"reference_url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241191","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241191"},{"reference_url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html"},{"reference_url":"https://crbug.com/1486441","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://crbug.com/1486441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Oct/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Oct/12"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Oct/16","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Oct/16"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/40022","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40022"},{"reference_url":"https://github.com/electron/electron/pull/40023","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40023"},{"reference_url":"https://github.com/electron/electron/pull/40024","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40024"},{"reference_url":"https://github.com/electron/electron/pull/40025","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40025"},{"reference_url":"https://github.com/electron/electron/pull/40026","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40026"},{"reference_url":"https://github.com/electron/electron/releases/tag/v22.3.25","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v22.3.25"},{"reference_url":"https://github.com/electron/electron/releases/tag/v24.8.5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v24.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v25.8.4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v25.8.4"},{"reference_url":"https://github.com/electron/electron/releases/tag/v26.2.4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v26.2.4"},{"reference_url":"https://github.com/electron/electron/releases/tag/v27.0.0-beta.8","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v27.0.0-beta.8"},{"reference_url":"https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590"},{"reference_url":"https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282"},{"reference_url":"https://github.com/webmproject/libvpx/releases/tag/v1.13.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/releases/tag/v1.13.1"},{"reference_url":"https://github.com/webmproject/libvpx/tags","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/tags"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"},{"reference_url":"https://pastebin.com/TdkC4pDv","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://pastebin.com/TdkC4pDv"},{"reference_url":"https://security.gentoo.org/glsa/202310-04","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security.gentoo.org/glsa/202310-04"},{"reference_url":"https://security.gentoo.org/glsa/202401-34","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security.gentoo.org/glsa/202401-34"},{"reference_url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217"},{"reference_url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/"},{"reference_url":"https://support.apple.com/kb/HT213961","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://support.apple.com/kb/HT213961"},{"reference_url":"https://support.apple.com/kb/HT213972","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://support.apple.com/kb/HT213972"},{"reference_url":"https://twitter.com/maddiestone/status/1707163313711497266","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://twitter.com/maddiestone/status/1707163313711497266"},{"reference_url":"https://www.debian.org/security/2023/dsa-5508","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5508"},{"reference_url":"https://www.debian.org/security/2023/dsa-5509","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5509"},{"reference_url":"https://www.debian.org/security/2023/dsa-5510","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5510"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"critical","scoring_system":"generic_textual","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/09/28/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/09/28/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/14","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/7","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/9"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/02/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/02/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/03/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/03/11"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182","reference_id":"1053182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/","reference_id":"AY642Z6JZODQJE7Z62CFREVUHEGCXGPD","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5217","reference_id":"CVE-2023-5217","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5217"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2023-5217","reference_id":"CVE-2023-5217","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2023-5217"},{"reference_url":"https://github.com/advisories/GHSA-qqvq-6xgj-jw8g","reference_id":"GHSA-qqvq-6xgj-jw8g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqvq-6xgj-jw8g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5426","reference_id":"RHSA-2023:5426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5427","reference_id":"RHSA-2023:5427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5428","reference_id":"RHSA-2023:5428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5429","reference_id":"RHSA-2023:5429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5430","reference_id":"RHSA-2023:5430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5432","reference_id":"RHSA-2023:5432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5433","reference_id":"RHSA-2023:5433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5434","reference_id":"RHSA-2023:5434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5435","reference_id":"RHSA-2023:5435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5436","reference_id":"RHSA-2023:5436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5437","reference_id":"RHSA-2023:5437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5438","reference_id":"RHSA-2023:5438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5439","reference_id":"RHSA-2023:5439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5440","reference_id":"RHSA-2023:5440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5475","reference_id":"RHSA-2023:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5477","reference_id":"RHSA-2023:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5534","reference_id":"RHSA-2023:5534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5535","reference_id":"RHSA-2023:5535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5536","reference_id":"RHSA-2023:5536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5537","reference_id":"RHSA-2023:5537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5538","reference_id":"RHSA-2023:5538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5539","reference_id":"RHSA-2023:5539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5540","reference_id":"RHSA-2023:5540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5540"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/","reference_id":"TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/"},{"reference_url":"https://usn.ubuntu.com/6403-1/","reference_id":"USN-6403-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-1/"},{"reference_url":"https://usn.ubuntu.com/6403-2/","reference_id":"USN-6403-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-2/"},{"reference_url":"https://usn.ubuntu.com/6403-3/","reference_id":"USN-6403-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-3/"},{"reference_url":"https://usn.ubuntu.com/6404-1/","reference_id":"USN-6404-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6404-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"},{"reference_url":"https://usn.ubuntu.com/7172-1/","reference_id":"USN-7172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7172-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60242?format=json","purl":"pkg:npm/electron@22.3.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.25"},{"url":"http://public2.vulnerablecode.io/api/packages/59748?format=json","purl":"pkg:npm/electron@23.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-e5ej-zf6n-suf5"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60243?format=json","purl":"pkg:npm/electron@24.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/59752?format=json","purl":"pkg:npm/electron@25.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60244?format=json","purl":"pkg:npm/electron@25.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/59753?format=json","purl":"pkg:npm/electron@26.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60245?format=json","purl":"pkg:npm/electron@26.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/60246?format=json","purl":"pkg:npm/electron@27.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.8"}],"aliases":["CVE-2023-5217","GHSA-qqvq-6xgj-jw8g"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f81v-9fv8-93cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30106?format=json","vulnerability_id":"VCID-j7d6-zp3s-67fq","summary":"Electron vulnerable to Heap Buffer Overflow in NativeImage\n### Impact\nThe `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.\n\n### Workaround\nThere are no app-side workarounds for this issue. You must update your Electron version to be protected.\n\n### Patches\n\n- `v28.3.2`\n- `v29.3.3`\n- `v30.0.3`\n\n### For More Information\n\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46993","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07806","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07839","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07882","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0773","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07744","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0783","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07844","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07785","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07831","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07856","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07865","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07788","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22228","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46993"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46993","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46993"},{"reference_url":"https://github.com/advisories/GHSA-6r2x-8pq8-9489","reference_id":"GHSA-6r2x-8pq8-9489","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r2x-8pq8-9489"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70896?format=json","purl":"pkg:npm/electron@28.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/70897?format=json","purl":"pkg:npm/electron@29.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/70898?format=json","purl":"pkg:npm/electron@30.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fuwj-56jp-tyds"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3"}],"aliases":["CVE-2024-46993","GHSA-6r2x-8pq8-9489"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7d6-zp3s-67fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54049?format=json","vulnerability_id":"VCID-nx5d-r4jc-77df","summary":"Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled\n### Impact\nThis vulnerability allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`.\n\nPlease note the misleadingly named `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access rather it depends on the existing `sandbox` setting.  If your application is sandboxed then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs (which includes `ipcRenderer`).\n\nIf your application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n\n* `18.0.0-beta.6`\n* `17.2.0`\n* `16.2.6`\n* `15.5.5`\n\n### Workarounds\nEnsure that all IPC message handlers appropriately validate `senderFrame` as per our [security tutorial here](https://github.com/electron/electron/blob/main/docs/tutorial/security.md#17-validate-the-sender-of-all-ipc-messages).\n\n### For more information\n\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29247","reference_id":"","reference_type":"","scores":[{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74188","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74094","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74109","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.7413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74113","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74106","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74145","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74154","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74144","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.7418","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74064","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.7409","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74062","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29247"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:29Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29247","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29247"},{"reference_url":"https://github.com/advisories/GHSA-mq8j-3h7h-p8g7","reference_id":"GHSA-mq8j-3h7h-p8g7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mq8j-3h7h-p8g7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81504?format=json","purl":"pkg:npm/electron@15.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/81505?format=json","purl":"pkg:npm/electron@16.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/81506?format=json","purl":"pkg:npm/electron@17.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/81507?format=json","purl":"pkg:npm/electron@18.0.0-beta.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0-beta.6"},{"url":"http://public2.vulnerablecode.io/api/packages/340493?format=json","purl":"pkg:npm/electron@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0"}],"aliases":["CVE-2022-29247","GHSA-mq8j-3h7h-p8g7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nx5d-r4jc-77df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54182?format=json","vulnerability_id":"VCID-p167-yf3n-6qd5","summary":"AutoUpdater module fails to validate certain nested components of the bundle\n### Impact\nThis vulnerability allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.\n\nPlease note that this kind of attack would require **significant** privileges in your own auto updating infrastructure and the ease of that attack entirely depends on your infrastructure security.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n\n* `18.0.0-beta.6`\n* `17.2.0`\n* `16.2.0`\n* `15.5.0`\n\n### Workarounds\nThere are no workarounds for this issue, please update to a patched version of Electron.\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29257","reference_id":"","reference_type":"","scores":[{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63699","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63716","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63731","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63682","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63718","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63727","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63711","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63729","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63742","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63662","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63688","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63647","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29257"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:31Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29257","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29257"},{"reference_url":"https://github.com/advisories/GHSA-77xc-hjv8-ww97","reference_id":"GHSA-77xc-hjv8-ww97","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77xc-hjv8-ww97"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81610?format=json","purl":"pkg:npm/electron@15.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/81611?format=json","purl":"pkg:npm/electron@16.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/81506?format=json","purl":"pkg:npm/electron@17.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/81507?format=json","purl":"pkg:npm/electron@18.0.0-beta.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0-beta.6"},{"url":"http://public2.vulnerablecode.io/api/packages/340493?format=json","purl":"pkg:npm/electron@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0"}],"aliases":["CVE-2022-29257","GHSA-77xc-hjv8-ww97"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p167-yf3n-6qd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25726?format=json","vulnerability_id":"VCID-qd52-rbd7-qkbn","summary":"Electron has ASAR Integrity Bypass via resource modification\n### Impact\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.  Apps without these fuses enabled are not impacted.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too.  i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `38.0.0-beta.6`\n* `37.3.1`\n* `36.8.1`\n* `35.7.5`\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55305","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00389","published_at":"2026-04-29T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00393","published_at":"2026-04-26T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00369","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00365","published_at":"2026-04-16T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0037","published_at":"2026-04-13T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00392","published_at":"2026-04-24T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00375","published_at":"2026-04-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00378","published_at":"2026-04-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00377","published_at":"2026-04-08T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0038","published_at":"2026-04-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00372","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55305"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b"},{"reference_url":"https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1"},{"reference_url":"https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d"},{"reference_url":"https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee"},{"reference_url":"https://github.com/electron/electron/pull/48101","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48101"},{"reference_url":"https://github.com/electron/electron/pull/48102","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48102"},{"reference_url":"https://github.com/electron/electron/pull/48103","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48103"},{"reference_url":"https://github.com/electron/electron/pull/48104","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48104"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55305","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393398","reference_id":"2393398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393398"},{"reference_url":"https://github.com/advisories/GHSA-vmqv-hx8q-j7mg","reference_id":"GHSA-vmqv-hx8q-j7mg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vmqv-hx8q-j7mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68977?format=json","purl":"pkg:npm/electron@35.7.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/68978?format=json","purl":"pkg:npm/electron@36.8.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68979?format=json","purl":"pkg:npm/electron@37.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68980?format=json","purl":"pkg:npm/electron@38.0.0-beta.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6"}],"aliases":["CVE-2025-55305","GHSA-vmqv-hx8q-j7mg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qd52-rbd7-qkbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18912?format=json","vulnerability_id":"VCID-w7f7-5frp-n3br","summary":"Improper Control of Generation of Code ('Code Injection')\nElectron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39956","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07579","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07649","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07635","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07559","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07548","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07687","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07637","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07615","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07567","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07609","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07643","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39956"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39956","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39956"},{"reference_url":"https://github.com/advisories/GHSA-7x97-j373-85x5","reference_id":"GHSA-7x97-j373-85x5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7x97-j373-85x5"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5","reference_id":"GHSA-7x97-j373-85x5","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:20Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59754?format=json","purl":"pkg:npm/electron@22.3.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/576213?format=json","purl":"pkg:npm/electron@22.3.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.21"},{"url":"http://public2.vulnerablecode.io/api/packages/59755?format=json","purl":"pkg:npm/electron@23.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/59756?format=json","purl":"pkg:npm/electron@24.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/59757?format=json","purl":"pkg:npm/electron@25.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/59758?format=json","purl":"pkg:npm/electron@26.0.0-beta.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.13"},{"url":"http://public2.vulnerablecode.io/api/packages/59921?format=json","purl":"pkg:npm/electron@26.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0"}],"aliases":["CVE-2023-39956","GHSA-7x97-j373-85x5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7f7-5frp-n3br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13484?format=json","vulnerability_id":"VCID-xys1-xe1s-jqha","summary":"Exposure of Resource to Wrong Sphere\nElectron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21718","reference_id":"","reference_type":"","scores":[{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74933","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74813","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74859","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74883","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74862","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74853","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74889","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74896","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74887","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74923","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74929","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.74811","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21718"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/32178","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/32178"},{"reference_url":"https://github.com/electron/electron/pull/32240","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/32240"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21718","reference_id":"CVE-2022-21718","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21718"},{"reference_url":"https://github.com/advisories/GHSA-3p22-ghq8-v749","reference_id":"GHSA-3p22-ghq8-v749","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p22-ghq8-v749"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749","reference_id":"GHSA-3p22-ghq8-v749","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48080?format=json","purl":"pkg:npm/electron@13.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-p167-yf3n-6qd5"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@13.6.6"},{"url":"http://public2.vulnerablecode.io/api/packages/48081?format=json","purl":"pkg:npm/electron@14.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-p167-yf3n-6qd5"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@14.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/48082?format=json","purl":"pkg:npm/electron@15.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-p167-yf3n-6qd5"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/48083?format=json","purl":"pkg:npm/electron@16.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-p167-yf3n-6qd5"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/80949?format=json","purl":"pkg:npm/electron@17.0.0-alpha.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.0.0-alpha.6"},{"url":"http://public2.vulnerablecode.io/api/packages/48084?format=json","purl":"pkg:npm/electron@17.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-a84t-cjcb-tqcw"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-nx5d-r4jc-77df"},{"vulnerability":"VCID-p167-yf3n-6qd5"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.0.1"}],"aliases":["CVE-2022-21718","GHSA-3p22-ghq8-v749"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xys1-xe1s-jqha"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@10.3.2"}