{"url":"http://public2.vulnerablecode.io/api/packages/36272?format=json","purl":"pkg:npm/mattermost-desktop@3.6.0","type":"npm","namespace":"","name":"mattermost-desktop","version":"3.6.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.11.0","latest_non_vulnerable_version":"5.11.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/123383?format=json","vulnerability_id":"VCID-8abz-vz7h-cuew","summary":"Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13321","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04456","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13321"},{"reference_url":"https://github.com/mattermost/desktop/commit/722938bb6a97e8b8a5678e6858e44c4d505c08ee","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mattermost/desktop/commit/722938bb6a97e8b8a5678e6858e44c4d505c08ee"},{"reference_url":"https://github.com/mattermost/mattermost","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mattermost/mattermost"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13321","reference_id":"CVE-2025-13321","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13321"},{"reference_url":"https://github.com/advisories/GHSA-g6qx-wq5w-wr8v","reference_id":"GHSA-g6qx-wq5w-wr8v","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g6qx-wq5w-wr8v"},{"reference_url":"https://mattermost.com/security-updates","reference_id":"security-updates","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T18:52:32Z/"}],"url":"https://mattermost.com/security-updates"}],"fixed_packages":[],"aliases":["CVE-2025-13321","GHSA-g6qx-wq5w-wr8v"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8abz-vz7h-cuew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45201?format=json","vulnerability_id":"VCID-a3ga-39uc-2yd2","summary":"Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37182","reference_id":"","reference_type":"","scores":[{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56483","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37182"},{"reference_url":"https://github.com/mattermost/desktop","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mattermost/desktop"},{"reference_url":"https://github.com/mattermost/desktop/commit/1c9fc719dc2b74495a05f7ebc90e92e7daa03e6d","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mattermost/desktop/commit/1c9fc719dc2b74495a05f7ebc90e92e7daa03e6d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37182","reference_id":"CVE-2024-37182","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37182"},{"reference_url":"https://github.com/advisories/GHSA-hvxg-77mg-vrvp","reference_id":"GHSA-hvxg-77mg-vrvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hvxg-77mg-vrvp"},{"reference_url":"https://mattermost.com/security-updates","reference_id":"security-updates","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-15T20:34:10Z/"}],"url":"https://mattermost.com/security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32200?format=json","purl":"pkg:npm/mattermost-desktop@5.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mattermost-desktop@5.8.0"}],"aliases":["CVE-2024-37182","GHSA-hvxg-77mg-vrvp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3ga-39uc-2yd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46921?format=json","vulnerability_id":"VCID-f4gp-az6x-eqft","summary":"Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file,  which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39613","reference_id":"","reference_type":"","scores":[{"value":"0.0147","scoring_system":"epss","scoring_elements":"0.81338","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39613"},{"reference_url":"https://docs.mattermost.com/about/desktop-app-changelog.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.mattermost.com/about/desktop-app-changelog.html"},{"reference_url":"https://github.com/mattermost/desktop","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mattermost/desktop"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39613","reference_id":"CVE-2024-39613","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39613"},{"reference_url":"https://github.com/advisories/GHSA-wj4j-qc2m-fgh7","reference_id":"GHSA-wj4j-qc2m-fgh7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wj4j-qc2m-fgh7"},{"reference_url":"https://mattermost.com/security-updates","reference_id":"security-updates","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T13:04:12Z/"}],"url":"https://mattermost.com/security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33386?format=json","purl":"pkg:npm/mattermost-desktop@5.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mattermost-desktop@5.9.0"}],"aliases":["CVE-2024-39613","GHSA-wj4j-qc2m-fgh7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f4gp-az6x-eqft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115204?format=json","vulnerability_id":"VCID-nkxe-jwze-9kg3","summary":"Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1398","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04168","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1398"},{"reference_url":"https://github.com/mattermost/desktop","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mattermost/desktop"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1398","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1398"},{"reference_url":"https://github.com/advisories/GHSA-xmvv-w44w-j8wx","reference_id":"GHSA-xmvv-w44w-j8wx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xmvv-w44w-j8wx"},{"reference_url":"https://mattermost.com/security-updates","reference_id":"security-updates","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T18:36:20Z/"}],"url":"https://mattermost.com/security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378028?format=json","purl":"pkg:npm/mattermost-desktop@5.11.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mattermost-desktop@5.11.0"}],"aliases":["CVE-2025-1398","GHSA-xmvv-w44w-j8wx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkxe-jwze-9kg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40297?format=json","vulnerability_id":"VCID-smqy-rz6k-9bgv","summary":"Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45835","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58887","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45835"},{"reference_url":"https://github.com/mattermost/desktop","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mattermost/desktop"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45835","reference_id":"CVE-2024-45835","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45835"},{"reference_url":"https://github.com/advisories/GHSA-xgq9-7gw6-jr5r","reference_id":"GHSA-xgq9-7gw6-jr5r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xgq9-7gw6-jr5r"},{"reference_url":"https://mattermost.com/security-updates","reference_id":"security-updates","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T14:42:32Z/"}],"url":"https://mattermost.com/security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33386?format=json","purl":"pkg:npm/mattermost-desktop@5.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mattermost-desktop@5.9.0"}],"aliases":["CVE-2024-45835","GHSA-xgq9-7gw6-jr5r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-smqy-rz6k-9bgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46438?format=json","vulnerability_id":"VCID-t5u6-ap62-fkh7","summary":"Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39772","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58287","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39772"},{"reference_url":"https://github.com/mattermost/desktop","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mattermost/desktop"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39772","reference_id":"CVE-2024-39772","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39772"},{"reference_url":"https://github.com/advisories/GHSA-5777-rcjj-9p22","reference_id":"GHSA-5777-rcjj-9p22","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5777-rcjj-9p22"},{"reference_url":"https://mattermost.com/security-updates","reference_id":"security-updates","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-16T14:41:24Z/"}],"url":"https://mattermost.com/security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33386?format=json","purl":"pkg:npm/mattermost-desktop@5.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mattermost-desktop@5.9.0"}],"aliases":["CVE-2024-39772","GHSA-5777-rcjj-9p22"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5u6-ap62-fkh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41814?format=json","vulnerability_id":"VCID-vvuc-6181-a3d4","summary":"Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36287","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08303","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36287"},{"reference_url":"https://github.com/mattermost/desktop","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mattermost/desktop"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36287","reference_id":"CVE-2024-36287","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36287"},{"reference_url":"https://github.com/advisories/GHSA-xgqm-wp7w-mgg2","reference_id":"GHSA-xgqm-wp7w-mgg2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xgqm-wp7w-mgg2"},{"reference_url":"https://mattermost.com/security-updates","reference_id":"security-updates","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T15:36:28Z/"}],"url":"https://mattermost.com/security-updates"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32200?format=json","purl":"pkg:npm/mattermost-desktop@5.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mattermost-desktop@5.8.0"}],"aliases":["CVE-2024-36287","GHSA-xgqm-wp7w-mgg2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vvuc-6181-a3d4"}],"fixing_vulnerabilities":[],"risk_score":"1.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mattermost-desktop@3.6.0"}