Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/electron@9.0.2
Typenpm
Namespace
Nameelectron
Version9.0.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.4.0
Latest_non_vulnerable_version42.0.0-alpha.5
Affected_by_vulnerabilities
0
url VCID-nm8y-5g5d-quaf
vulnerability_id VCID-nm8y-5g5d-quaf
summary 
Improper Input Validation
In Electron the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15174
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.53157
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15174
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b
3
reference_url https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15174
reference_id CVE-2020-15174
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15174
fixed_packages
0
url pkg:npm/electron@9.3.0
purl pkg:npm/electron@9.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p3vt-avbt-kyed
1
vulnerability VCID-xngs-29hg-7kh9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@9.3.0
1
url pkg:npm/electron@10.0.1
purl pkg:npm/electron@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p3vt-avbt-kyed
1
vulnerability VCID-xngs-29hg-7kh9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@10.0.1
aliases CVE-2020-15174, GHSA-2q4g-w47c-4674
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nm8y-5g5d-quaf
1
url VCID-p3vt-avbt-kyed
vulnerability_id VCID-p3vt-avbt-kyed
summary 
IPC messages delivered to the wrong frame in Electron
IPC messages sent from the main process to a subframe in the renderer process, through `webContents.sendToFrame`, `event.reply` or when using the `remote` module, can in some cases be delivered to the wrong frame.

If your app does ANY of the following, then it is impacted by this issue:
- Uses `remote`
- Calls `webContents.sendToFrame`
- Calls `event.reply` in an IPC message handler
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26272
reference_id
reference_type
scores
0
value 0.00965
scoring_system epss
scoring_elements 0.76899
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26272
1
reference_url https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c
2
reference_url https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208
3
reference_url https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2
4
reference_url https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc
5
reference_url https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd
6
reference_url https://github.com/electron/electron/pull/26875
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/26875
7
reference_url https://github.com/electron/electron/releases/tag/v9.4.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v9.4.0
8
reference_url https://www.electronjs.org/releases/stable?version=9#9.4.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.electronjs.org/releases/stable?version=9#9.4.0
9
reference_url https://security.archlinux.org/AVG-1503
reference_id AVG-1503
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1503
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26272
reference_id CVE-2020-26272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26272
11
reference_url https://github.com/advisories/GHSA-hvf8-h2qh-37m9
reference_id GHSA-hvf8-h2qh-37m9
reference_type
scores
url https://github.com/advisories/GHSA-hvf8-h2qh-37m9
12
reference_url https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9
reference_id GHSA-hvf8-h2qh-37m9
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9
fixed_packages
0
url pkg:npm/electron@9.4.0
purl pkg:npm/electron@9.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@9.4.0
1
url pkg:npm/electron@10.2.0
purl pkg:npm/electron@10.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@10.2.0
2
url pkg:npm/electron@11.1.0
purl pkg:npm/electron@11.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@11.1.0
aliases CVE-2020-26272, GHSA-hvf8-h2qh-37m9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p3vt-avbt-kyed
2
url VCID-xngs-29hg-7kh9
vulnerability_id VCID-xngs-29hg-7kh9
summary 
Exposure of Resource to Wrong Sphere
Electron is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15215
reference_id
reference_type
scores
0
value 0.00282
scoring_system epss
scoring_elements 0.51802
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15215
1
reference_url https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15215
reference_id CVE-2020-15215
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15215
fixed_packages
0
url pkg:npm/electron@9.3.1
purl pkg:npm/electron@9.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p3vt-avbt-kyed
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@9.3.1
1
url pkg:npm/electron@10.1.2
purl pkg:npm/electron@10.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p3vt-avbt-kyed
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@10.1.2
2
url pkg:npm/electron@11.0.0-beta.6
purl pkg:npm/electron@11.0.0-beta.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@11.0.0-beta.6
aliases CVE-2020-15215, GHSA-56pc-6jqp-xqj8
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xngs-29hg-7kh9
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/electron@9.0.2