{"url":"http://public2.vulnerablecode.io/api/packages/450448?format=json","purl":"pkg:npm/electron@6.1.0","type":"npm","namespace":"","name":"electron","version":"6.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"35.7.5","latest_non_vulnerable_version":"42.0.0-alpha.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42528?format=json","vulnerability_id":"VCID-42af-f5vs-1fe3","summary":"IPC messages delivered to the wrong frame in Electron\n### Impact\nIPC messages sent from the main process to a subframe in the renderer process, through `webContents.sendToFrame`, `event.reply` or when using the `remote` module, can in some cases be delivered to the wrong frame.\n\nIf your app does ANY of the following, then it is impacted by this issue:\n- Uses `remote`\n- Calls `webContents.sendToFrame`\n- Calls `event.reply` in an IPC message handler\n\n### Patches\nThis has been fixed in the following versions:\n\n- 9.4.0\n- 10.2.0\n- 11.1.0\n- 12.0.0-beta.9\n\n### Workarounds\nThere are no workarounds for this issue.\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26272","reference_id":"","reference_type":"","scores":[{"value":"0.00965","scoring_system":"epss","scoring_elements":"0.7685","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26272"},{"reference_url":"https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"},{"reference_url":"https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208"},{"reference_url":"https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2"},{"reference_url":"https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc"},{"reference_url":"https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd"},{"reference_url":"https://github.com/electron/electron/pull/26875","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/26875"},{"reference_url":"https://github.com/electron/electron/releases/tag/v9.4.0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v9.4.0"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26272","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26272"},{"reference_url":"https://www.electronjs.org/releases/stable?version=9#9.4.0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.electronjs.org/releases/stable?version=9#9.4.0"},{"reference_url":"https://security.archlinux.org/AVG-1503","reference_id":"AVG-1503","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1503"},{"reference_url":"https://github.com/advisories/GHSA-hvf8-h2qh-37m9","reference_id":"GHSA-hvf8-h2qh-37m9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hvf8-h2qh-37m9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76776?format=json","purl":"pkg:npm/electron@9.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-743j-3qgs-rueu"},{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@9.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/76777?format=json","purl":"pkg:npm/electron@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-743j-3qgs-rueu"},{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"},{"vulnerability":"VCID-zzf8-xwjh-sfc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@10.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/76778?format=json","purl":"pkg:npm/electron@11.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-743j-3qgs-rueu"},{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"},{"vulnerability":"VCID-zzf8-xwjh-sfc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@11.1.0"}],"aliases":["CVE-2020-26272","GHSA-hvf8-h2qh-37m9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42af-f5vs-1fe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51320?format=json","vulnerability_id":"VCID-743j-3qgs-rueu","summary":"Renderers can obtain access to random bluetooth device without permission in Electron\n### Impact\nThis vulnerability allows renderers to obtain access to a random bluetooth device via the [web bluetooth API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Bluetooth_API) if the app has not configured a custom `select-bluetooth-device` event handler.  The device that is accessed is random and the attacker would have no way of selecting a specific device.\n\nAll current stable versions of Electron are affected.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n* `17.0.0-alpha.6`\n* `16.0.6`\n* `15.3.5`\n* `14.2.4`\n* `13.6.6`\n\n### Workarounds\nAdding this code to your app can workaround the issue.\n\n```js\napp.on('web-contents-created', (event, webContents) => {\n  webContents.on('select-bluetooth-device', (event, devices, callback) => {\n    // Prevent default behavior\n    event.preventDefault();\n    // Cancel the request\n    callback('');\n  });\n});\n```\n\nFor more information\nIf you have any questions or comments about this advisory, email us at security@electronjs.org.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21718","reference_id":"","reference_type":"","scores":[{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.75164","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21718"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/32178","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/32178"},{"reference_url":"https://github.com/electron/electron/pull/32240","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/32240"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21718","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21718"},{"reference_url":"https://github.com/advisories/GHSA-3p22-ghq8-v749","reference_id":"GHSA-3p22-ghq8-v749","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p22-ghq8-v749"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87619?format=json","purl":"pkg:npm/electron@13.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@13.6.6"},{"url":"http://public2.vulnerablecode.io/api/packages/87620?format=json","purl":"pkg:npm/electron@14.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@14.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/87621?format=json","purl":"pkg:npm/electron@15.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/87622?format=json","purl":"pkg:npm/electron@16.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/87623?format=json","purl":"pkg:npm/electron@17.0.0-alpha.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.0.0-alpha.6"},{"url":"http://public2.vulnerablecode.io/api/packages/371523?format=json","purl":"pkg:npm/electron@17.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.0.1"}],"aliases":["CVE-2022-21718","GHSA-3p22-ghq8-v749"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-743j-3qgs-rueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36532?format=json","vulnerability_id":"VCID-dm93-f76y-8kb6","summary":"ASAR Integrity bypass via filetype confusion in electron\n### Impact\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.  Apps without these fuses enabled are not impacted.  This issue is specific to macOS as these fuses are only currently supported on macOS.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too.  i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `27.0.0-alpha.7`\n* `26.2.1`\n* `25.8.1`\n* `24.8.3`\n* `22.3.24`\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44402","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29817","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44402"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/39788","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/39788"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44402","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44402"},{"reference_url":"https://www.electronjs.org/docs/latest/tutorial/fuses","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.electronjs.org/docs/latest/tutorial/fuses"},{"reference_url":"https://github.com/advisories/GHSA-7m48-wc93-9g85","reference_id":"GHSA-7m48-wc93-9g85","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7m48-wc93-9g85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68265?format=json","purl":"pkg:npm/electron@22.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.24"},{"url":"http://public2.vulnerablecode.io/api/packages/68272?format=json","purl":"pkg:npm/electron@24.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/68273?format=json","purl":"pkg:npm/electron@25.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68280?format=json","purl":"pkg:npm/electron@26.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/69085?format=json","purl":"pkg:npm/electron@27.0.0-alpha.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7"},{"url":"http://public2.vulnerablecode.io/api/packages/373558?format=json","purl":"pkg:npm/electron@27.0.0-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-sc45-jumt-qkch"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1"}],"aliases":["CVE-2023-44402","GHSA-7m48-wc93-9g85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dm93-f76y-8kb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35738?format=json","vulnerability_id":"VCID-gqzu-23pu-rkc8","summary":"Electron context isolation bypass via nested unserializable return value\n### Impact\nApps using `contextIsolation` and `contextBridge` are affected.\n\nThis is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.\n\n### Workarounds\nThis issue is exploitable under either of two conditions:\n* If an API exposed to the main world via `contextBridge` can return an object or array that contains a JS object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`.\n* If an API exposed to the main world via `contextBridge` has a return value that throws a user-generated exception while being sent over the bridge, for instance a dynamic getter property on an object that throws an error when being computed.\n\nThe app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are [supported](https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support) and that any objects returned from functions do not have dynamic getters that can throw exceptions.\n\nAuditing your exposed API is likely to be quite difficult so we strongly recommend you update to a patched version of Electron.\n\n### Fixed Versions\n* `25.0.0-alpha.2`\n* `24.0.1`\n* `23.2.3`\n* `22.3.6`\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29198","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35006","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29198"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29198","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29198"},{"reference_url":"https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/"}],"url":"https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"},{"reference_url":"https://github.com/advisories/GHSA-p7v2-p9m8-qqg7","reference_id":"GHSA-p7v2-p9m8-qqg7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p7v2-p9m8-qqg7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67979?format=json","purl":"pkg:npm/electron@22.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-sc45-jumt-qkch"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/67982?format=json","purl":"pkg:npm/electron@23.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/67984?format=json","purl":"pkg:npm/electron@24.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/635768?format=json","purl":"pkg:npm/electron@24.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-sc45-jumt-qkch"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/67986?format=json","purl":"pkg:npm/electron@25.0.0-alpha.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.2"}],"aliases":["CVE-2023-29198","GHSA-p7v2-p9m8-qqg7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqzu-23pu-rkc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1073?format=json","vulnerability_id":"VCID-gwvj-7ub4-c3g7","summary":"Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5217","reference_id":"","reference_type":"","scores":[{"value":"0.04976","scoring_system":"epss","scoring_elements":"0.89837","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5217"},{"reference_url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software"},{"reference_url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241191","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241191"},{"reference_url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html"},{"reference_url":"https://crbug.com/1486441","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://crbug.com/1486441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Oct/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Oct/12"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Oct/16","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Oct/16"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/40022","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40022"},{"reference_url":"https://github.com/electron/electron/pull/40023","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40023"},{"reference_url":"https://github.com/electron/electron/pull/40024","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40024"},{"reference_url":"https://github.com/electron/electron/pull/40025","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40025"},{"reference_url":"https://github.com/electron/electron/pull/40026","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40026"},{"reference_url":"https://github.com/electron/electron/releases/tag/v22.3.25","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v22.3.25"},{"reference_url":"https://github.com/electron/electron/releases/tag/v24.8.5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v24.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v25.8.4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v25.8.4"},{"reference_url":"https://github.com/electron/electron/releases/tag/v26.2.4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v26.2.4"},{"reference_url":"https://github.com/electron/electron/releases/tag/v27.0.0-beta.8","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v27.0.0-beta.8"},{"reference_url":"https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590"},{"reference_url":"https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282"},{"reference_url":"https://github.com/webmproject/libvpx/releases/tag/v1.13.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/releases/tag/v1.13.1"},{"reference_url":"https://github.com/webmproject/libvpx/tags","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/tags"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5217","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5217"},{"reference_url":"https://pastebin.com/TdkC4pDv","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://pastebin.com/TdkC4pDv"},{"reference_url":"https://security.gentoo.org/glsa/202310-04","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security.gentoo.org/glsa/202310-04"},{"reference_url":"https://security.gentoo.org/glsa/202401-34","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security.gentoo.org/glsa/202401-34"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2023-5217","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2023-5217"},{"reference_url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217"},{"reference_url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/"},{"reference_url":"https://support.apple.com/kb/HT213961","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://support.apple.com/kb/HT213961"},{"reference_url":"https://support.apple.com/kb/HT213972","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://support.apple.com/kb/HT213972"},{"reference_url":"https://twitter.com/maddiestone/status/1707163313711497266","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://twitter.com/maddiestone/status/1707163313711497266"},{"reference_url":"https://www.debian.org/security/2023/dsa-5508","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5508"},{"reference_url":"https://www.debian.org/security/2023/dsa-5509","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5509"},{"reference_url":"https://www.debian.org/security/2023/dsa-5510","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5510"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/09/28/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/09/28/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/14","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/7","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/9"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/02/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/02/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/03/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/03/11"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182","reference_id":"1053182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/","reference_id":"AY642Z6JZODQJE7Z62CFREVUHEGCXGPD","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/"},{"reference_url":"https://github.com/advisories/GHSA-qqvq-6xgj-jw8g","reference_id":"GHSA-qqvq-6xgj-jw8g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qqvq-6xgj-jw8g"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44","reference_id":"mfsa2023-44","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"critical","scoring_system":"generic_textual","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5426","reference_id":"RHSA-2023:5426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5427","reference_id":"RHSA-2023:5427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5428","reference_id":"RHSA-2023:5428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5429","reference_id":"RHSA-2023:5429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5430","reference_id":"RHSA-2023:5430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5432","reference_id":"RHSA-2023:5432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5433","reference_id":"RHSA-2023:5433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5434","reference_id":"RHSA-2023:5434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5435","reference_id":"RHSA-2023:5435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5436","reference_id":"RHSA-2023:5436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5437","reference_id":"RHSA-2023:5437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5438","reference_id":"RHSA-2023:5438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5439","reference_id":"RHSA-2023:5439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5440","reference_id":"RHSA-2023:5440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5475","reference_id":"RHSA-2023:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5477","reference_id":"RHSA-2023:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5534","reference_id":"RHSA-2023:5534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5535","reference_id":"RHSA-2023:5535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5536","reference_id":"RHSA-2023:5536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5537","reference_id":"RHSA-2023:5537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5538","reference_id":"RHSA-2023:5538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5539","reference_id":"RHSA-2023:5539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5540","reference_id":"RHSA-2023:5540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5540"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/","reference_id":"TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/"},{"reference_url":"https://usn.ubuntu.com/6403-1/","reference_id":"USN-6403-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-1/"},{"reference_url":"https://usn.ubuntu.com/6403-2/","reference_id":"USN-6403-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-2/"},{"reference_url":"https://usn.ubuntu.com/6403-3/","reference_id":"USN-6403-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-3/"},{"reference_url":"https://usn.ubuntu.com/6404-1/","reference_id":"USN-6404-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6404-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"},{"reference_url":"https://usn.ubuntu.com/7172-1/","reference_id":"USN-7172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7172-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68120?format=json","purl":"pkg:npm/electron@22.3.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.25"},{"url":"http://public2.vulnerablecode.io/api/packages/373498?format=json","purl":"pkg:npm/electron@23.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-q59j-ednk-7yd3"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68121?format=json","purl":"pkg:npm/electron@24.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/373500?format=json","purl":"pkg:npm/electron@25.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68122?format=json","purl":"pkg:npm/electron@25.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373501?format=json","purl":"pkg:npm/electron@26.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68123?format=json","purl":"pkg:npm/electron@26.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/68124?format=json","purl":"pkg:npm/electron@27.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.8"}],"aliases":["CVE-2023-5217","GHSA-qqvq-6xgj-jw8g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwvj-7ub4-c3g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52865?format=json","vulnerability_id":"VCID-hmgu-cvce-h3e4","summary":"AutoUpdater module fails to validate certain nested components of the bundle\n### Impact\nThis vulnerability allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.\n\nPlease note that this kind of attack would require **significant** privileges in your own auto updating infrastructure and the ease of that attack entirely depends on your infrastructure security.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n\n* `18.0.0-beta.6`\n* `17.2.0`\n* `16.2.0`\n* `15.5.0`\n\n### Workarounds\nThere are no workarounds for this issue, please update to a patched version of Electron.\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29257","reference_id":"","reference_type":"","scores":[{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63966","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29257"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:52:31Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29257","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29257"},{"reference_url":"https://github.com/advisories/GHSA-77xc-hjv8-ww97","reference_id":"GHSA-77xc-hjv8-ww97","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77xc-hjv8-ww97"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89243?format=json","purl":"pkg:npm/electron@15.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/89244?format=json","purl":"pkg:npm/electron@16.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/89117?format=json","purl":"pkg:npm/electron@17.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/89118?format=json","purl":"pkg:npm/electron@18.0.0-beta.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0-beta.6"}],"aliases":["CVE-2022-29257","GHSA-77xc-hjv8-ww97"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hmgu-cvce-h3e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52672?format=json","vulnerability_id":"VCID-r1yv-n559-9fgy","summary":"Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled\n### Impact\nThis vulnerability allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`.\n\nPlease note the misleadingly named `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access rather it depends on the existing `sandbox` setting.  If your application is sandboxed then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs (which includes `ipcRenderer`).\n\nIf your application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled.\n\n### Patches\nThis has been patched and the following Electron versions contain the fix:\n\n* `18.0.0-beta.6`\n* `17.2.0`\n* `16.2.6`\n* `15.5.5`\n\n### Workarounds\nEnsure that all IPC message handlers appropriately validate `senderFrame` as per our [security tutorial here](https://github.com/electron/electron/blob/main/docs/tutorial/security.md#17-validate-the-sender-of-all-ipc-messages).\n\n### For more information\n\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29247","reference_id":"","reference_type":"","scores":[{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74404","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29247"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:29Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29247","reference_id":"","reference_type":"","scores":[{"value":"2.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29247"},{"reference_url":"https://github.com/advisories/GHSA-mq8j-3h7h-p8g7","reference_id":"GHSA-mq8j-3h7h-p8g7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mq8j-3h7h-p8g7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89115?format=json","purl":"pkg:npm/electron@15.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/89116?format=json","purl":"pkg:npm/electron@16.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@16.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/89117?format=json","purl":"pkg:npm/electron@17.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@17.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/89118?format=json","purl":"pkg:npm/electron@18.0.0-beta.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.0.0-beta.6"}],"aliases":["CVE-2022-29247","GHSA-mq8j-3h7h-p8g7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1yv-n559-9fgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41120?format=json","vulnerability_id":"VCID-rm73-kzbd-skav","summary":"Context isolation bypass via Promise in Electron\n### Impact\nApps using `contextIsolation` are affected.\n\nThis is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.\n\n### Workarounds\nThere are no app-side workarounds, you must update your Electron version to be protected.\n\n### Fixed Versions\n* `9.0.0-beta.21`\n* `8.2.4`\n* `7.2.4`\n* `6.1.11`\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15096","reference_id":"","reference_type":"","scores":[{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62197","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15096"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15096","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15096"},{"reference_url":"https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"},{"reference_url":"https://github.com/advisories/GHSA-6vrv-94jv-crrg","reference_id":"GHSA-6vrv-94jv-crrg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6vrv-94jv-crrg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/450449?format=json","purl":"pkg:npm/electron@6.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42af-f5vs-1fe3"},{"vulnerability":"VCID-743j-3qgs-rueu"},{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@6.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/74739?format=json","purl":"pkg:npm/electron@6.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42af-f5vs-1fe3"},{"vulnerability":"VCID-743j-3qgs-rueu"},{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@6.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/74740?format=json","purl":"pkg:npm/electron@7.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42af-f5vs-1fe3"},{"vulnerability":"VCID-743j-3qgs-rueu"},{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@7.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74741?format=json","purl":"pkg:npm/electron@8.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42af-f5vs-1fe3"},{"vulnerability":"VCID-743j-3qgs-rueu"},{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-nu7x-z4t2-akas"},{"vulnerability":"VCID-pndx-m4md-guam"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@8.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/450270?format=json","purl":"pkg:npm/electron@9.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42af-f5vs-1fe3"},{"vulnerability":"VCID-743j-3qgs-rueu"},{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-hmgu-cvce-h3e4"},{"vulnerability":"VCID-nu7x-z4t2-akas"},{"vulnerability":"VCID-pndx-m4md-guam"},{"vulnerability":"VCID-r1yv-n559-9fgy"},{"vulnerability":"VCID-srg1-fnxc-h3bu"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@9.0.1"}],"aliases":["CVE-2020-15096","GHSA-6vrv-94jv-crrg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rm73-kzbd-skav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40722?format=json","vulnerability_id":"VCID-srg1-fnxc-h3bu","summary":"Electron: Redirection error and misuse of hashed credentials","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36077.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36077","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25952","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36077"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:49:23Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36077","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141029","reference_id":"2141029","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141029"},{"reference_url":"https://github.com/advisories/GHSA-p2jh-44qj-pf2v","reference_id":"GHSA-p2jh-44qj-pf2v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p2jh-44qj-pf2v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88386?format=json","purl":"pkg:npm/electron@18.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@18.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/88391?format=json","purl":"pkg:npm/electron@19.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-auf5-6dq1-qkc5"},{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@19.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/88388?format=json","purl":"pkg:npm/electron@20.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@20.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/582604?format=json","purl":"pkg:npm/electron@21.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gqzu-23pu-rkc8"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-t318-kt6a-97fm"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@21.0.1"}],"aliases":["CVE-2022-36077","GHSA-p2jh-44qj-pf2v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-srg1-fnxc-h3bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35946?format=json","vulnerability_id":"VCID-t318-kt6a-97fm","summary":"Electron vulnerable to out-of-package code execution when launched with arbitrary cwd\n### Impact\nApps that are launched as command line executables are impacted.  E.g. if your app exposes itself in the path as `myapp --help`\n\nSpecifically this issue can only be exploited if the following conditions are met:\n* Your app is launched with an attacker-controlled working directory\n* The attacker has the ability to write files to that working directory\n\nThis makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude [Physically Local Attacks](https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5#:~:text=Physically%20Local%20Attacks) but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance.  Please bear this in mind when reporting similar issues in the future.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `26.0.0-beta.13`\n* `25.5.0`\n* `24.7.1`\n* `23.3.13`\n* `22.3.19`\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39956","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08254","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39956"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:20Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39956","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39956"},{"reference_url":"https://github.com/advisories/GHSA-7x97-j373-85x5","reference_id":"GHSA-7x97-j373-85x5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7x97-j373-85x5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68252?format=json","purl":"pkg:npm/electron@22.3.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/635723?format=json","purl":"pkg:npm/electron@22.3.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-sc45-jumt-qkch"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.21"},{"url":"http://public2.vulnerablecode.io/api/packages/68254?format=json","purl":"pkg:npm/electron@23.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/68256?format=json","purl":"pkg:npm/electron@24.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-sc45-jumt-qkch"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68259?format=json","purl":"pkg:npm/electron@25.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-sc45-jumt-qkch"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68260?format=json","purl":"pkg:npm/electron@26.0.0-beta.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.13"},{"url":"http://public2.vulnerablecode.io/api/packages/373557?format=json","purl":"pkg:npm/electron@26.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dm93-f76y-8kb6"},{"vulnerability":"VCID-gwvj-7ub4-c3g7"},{"vulnerability":"VCID-sc45-jumt-qkch"},{"vulnerability":"VCID-ttk4-u34e-bkeb"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0"}],"aliases":["CVE-2023-39956","GHSA-7x97-j373-85x5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t318-kt6a-97fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33961?format=json","vulnerability_id":"VCID-ttk4-u34e-bkeb","summary":"Electron vulnerable to Heap Buffer Overflow in NativeImage\n### Impact\nThe `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.\n\n### Workaround\nThere are no app-side workarounds for this issue. You must update your Electron version to be protected.\n\n### Patches\n\n- `v28.3.2`\n- `v29.3.3`\n- `v30.0.3`\n\n### For More Information\n\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46993","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14663","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46993"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46993","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46993"},{"reference_url":"https://github.com/advisories/GHSA-6r2x-8pq8-9489","reference_id":"GHSA-6r2x-8pq8-9489","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6r2x-8pq8-9489"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66314?format=json","purl":"pkg:npm/electron@28.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/66315?format=json","purl":"pkg:npm/electron@29.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66316?format=json","purl":"pkg:npm/electron@30.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h36d-2pfj-ykdv"},{"vulnerability":"VCID-z93p-zdev-h3ck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3"}],"aliases":["CVE-2024-46993","GHSA-6r2x-8pq8-9489"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttk4-u34e-bkeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18448?format=json","vulnerability_id":"VCID-z93p-zdev-h3ck","summary":"electron: ASAR Integrity Bypass via resource modification","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55305","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0079","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55305"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b"},{"reference_url":"https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1"},{"reference_url":"https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d"},{"reference_url":"https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee"},{"reference_url":"https://github.com/electron/electron/pull/48101","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48101"},{"reference_url":"https://github.com/electron/electron/pull/48102","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48102"},{"reference_url":"https://github.com/electron/electron/pull/48103","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48103"},{"reference_url":"https://github.com/electron/electron/pull/48104","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48104"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55305","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393398","reference_id":"2393398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393398"},{"reference_url":"https://github.com/advisories/GHSA-vmqv-hx8q-j7mg","reference_id":"GHSA-vmqv-hx8q-j7mg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vmqv-hx8q-j7mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62699?format=json","purl":"pkg:npm/electron@35.7.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/62703?format=json","purl":"pkg:npm/electron@36.8.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/62706?format=json","purl":"pkg:npm/electron@37.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/62710?format=json","purl":"pkg:npm/electron@38.0.0-beta.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6"}],"aliases":["CVE-2025-55305","GHSA-vmqv-hx8q-j7mg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z93p-zdev-h3ck"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@6.1.0"}