Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/596190?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/596190?format=api", "purl": "pkg:npm/electron@19.0.1", "type": "npm", "namespace": "", "name": "electron", "version": "19.0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "39.8.5", "latest_non_vulnerable_version": "42.0.0-alpha.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74859?format=api", "vulnerability_id": "VCID-183u-hw9z-67bh", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettings({openAtLogin: true}) wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login instead of the intended app. On a default Windows install, standard system directories are protected against writes by standard users, so exploitation typically requires a non-standard install location. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34768", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00458", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00461", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34768" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34768", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454996", "reference_id": "2454996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454996" }, { "reference_url": "https://github.com/advisories/GHSA-jfqx-fxh3-c62j", "reference_id": "GHSA-jfqx-fxh3-c62j", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jfqx-fxh3-c62j" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j", "reference_id": "GHSA-jfqx-fxh3-c62j", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:08:45Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373324?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373696?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373697?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34768", "GHSA-jfqx-fxh3-c62j" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-183u-hw9z-67bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75257?format=api", "vulnerability_id": "VCID-32q7-z5g7-qude", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable nodeIntegrationInWorker. Apps that do not use nodeIntegrationInWorker are not affected. This issue has been patched in versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03089", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03077", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34775" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34775", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455023", "reference_id": "2455023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455023" }, { "reference_url": "https://github.com/advisories/GHSA-xwr5-m59h-vwqr", "reference_id": "GHSA-xwr5-m59h-vwqr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xwr5-m59h-vwqr" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr", "reference_id": "GHSA-xwr5-m59h-vwqr", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:52:56Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373269?format=api", "purl": "pkg:npm/electron@39.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/373270?format=api", "purl": "pkg:npm/electron@40.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/373271?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34775", "GHSA-xwr5-m59h-vwqr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32q7-z5g7-qude" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/121385?format=api", "vulnerability_id": "VCID-346j-kfxs-akf5", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass via resource modification. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is fixed in versions 35.7.5, 36.8.1, 37.3.1 and 38.0.0-beta.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55305", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00955", "published_at": "2026-06-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00953", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55305" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55305", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55305" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393398", "reference_id": "2393398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393398" }, { "reference_url": "https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b", "reference_id": "23a02934510fcf951428e14573d9b2d2a3c4f28b", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b" }, { "reference_url": "https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1", "reference_id": "2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1" }, { "reference_url": "https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d", "reference_id": "3f92511cdecc39f46b0e86cce40a0c691e301c9d", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d" }, { "reference_url": "https://github.com/electron/electron/pull/48101", "reference_id": "48101", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48101" }, { "reference_url": "https://github.com/electron/electron/pull/48102", "reference_id": "48102", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48102" }, { "reference_url": "https://github.com/electron/electron/pull/48103", "reference_id": "48103", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48103" }, { "reference_url": "https://github.com/electron/electron/pull/48104", "reference_id": "48104", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/pull/48104" }, { "reference_url": "https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee", "reference_id": "fdf29ce83870109d403f5c23ae529dbd0e8f4fee", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee" }, { "reference_url": "https://github.com/advisories/GHSA-vmqv-hx8q-j7mg", "reference_id": "GHSA-vmqv-hx8q-j7mg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vmqv-hx8q-j7mg" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg", "reference_id": "GHSA-vmqv-hx8q-j7mg", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376826?format=api", "purl": "pkg:npm/electron@35.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/376827?format=api", "purl": "pkg:npm/electron@36.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/376828?format=api", "purl": "pkg:npm/electron@37.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/376829?format=api", "purl": "pkg:npm/electron@38.0.0-beta.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6" } ], "aliases": [ "CVE-2025-55305", "GHSA-vmqv-hx8q-j7mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-346j-kfxs-akf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74842?format=api", "vulnerability_id": "VCID-4sa7-5jy6-jkf2", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption. All apps that access powerMonitor events (suspend, resume, lock-screen, etc.) are potentially affected. The issue is not directly renderer-controllable. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04122", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04105", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34770" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34770", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34770" }, { "reference_url": "https://github.com/advisories/GHSA-jjp3-mq3x-295m", "reference_id": "GHSA-jjp3-mq3x-295m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjp3-mq3x-295m" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m", "reference_id": "GHSA-jjp3-mq3x-295m", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T19:09:58Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373324?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373696?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373697?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34770", "GHSA-jjp3-mq3x-295m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sa7-5jy6-jkf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74761?format=api", "vulnerability_id": "VCID-6h3u-keqg-gufv", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04122", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04105", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34772" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34772", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34772" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455005", "reference_id": "2455005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455005" }, { "reference_url": "https://github.com/advisories/GHSA-9w97-2464-8783", "reference_id": "GHSA-9w97-2464-8783", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9w97-2464-8783" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783", "reference_id": "GHSA-9w97-2464-8783", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:27:31Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373567?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373568?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373569?format=api", "purl": "pkg:npm/electron@41.0.0-beta.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-59fc-ch9h-a7fu" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.7" } ], "aliases": [ "CVE-2026-34772", "GHSA-9w97-2464-8783" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6h3u-keqg-gufv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356844?format=api", "vulnerability_id": "VCID-7fkm-hs48-13hw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29719", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29916", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44402" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/39788", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/39788" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44402", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44402" }, { "reference_url": "https://github.com/advisories/GHSA-7m48-wc93-9g85", "reference_id": "GHSA-7m48-wc93-9g85", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7m48-wc93-9g85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379846?format=api", "purl": "pkg:npm/electron@22.3.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/379847?format=api", "purl": "pkg:npm/electron@24.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379848?format=api", "purl": "pkg:npm/electron@25.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379849?format=api", "purl": "pkg:npm/electron@26.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/380265?format=api", "purl": "pkg:npm/electron@27.0.0-alpha.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/394304?format=api", "purl": "pkg:npm/electron@27.0.0-beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1" } ], "aliases": [ "CVE-2023-44402", "GHSA-7m48-wc93-9g85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fkm-hs48-13hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139648?format=api", "vulnerability_id": "VCID-beaq-5xq8-d3es", "summary": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0799", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07955", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39956" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39956", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39956" }, { "reference_url": "https://github.com/advisories/GHSA-7x97-j373-85x5", "reference_id": "GHSA-7x97-j373-85x5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7x97-j373-85x5" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5", "reference_id": "GHSA-7x97-j373-85x5", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:20Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379838?format=api", "purl": "pkg:npm/electron@22.3.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/650003?format=api", "purl": "pkg:npm/electron@22.3.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/379839?format=api", "purl": "pkg:npm/electron@23.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/379840?format=api", "purl": "pkg:npm/electron@24.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379841?format=api", "purl": "pkg:npm/electron@25.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/379842?format=api", "purl": "pkg:npm/electron@26.0.0-beta.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/394303?format=api", "purl": "pkg:npm/electron@26.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0" } ], "aliases": [ "CVE-2023-39956", "GHSA-7x97-j373-85x5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-beaq-5xq8-d3es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74959?format=api", "vulnerability_id": "VCID-f95q-8yva-pqbg", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder() used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt. Apps are only affected if they call app.moveToApplicationsFolder(). Apps that do not use this API are not affected. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01569", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01567", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34779" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34779", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34779" }, { "reference_url": "https://github.com/advisories/GHSA-5rqw-r77c-jp79", "reference_id": "GHSA-5rqw-r77c-jp79", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5rqw-r77c-jp79" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79", "reference_id": "GHSA-5rqw-r77c-jp79", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:49:50Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373324?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373696?format=api", "purl": "pkg:npm/electron@40.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373697?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34779", "GHSA-5rqw-r77c-jp79" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f95q-8yva-pqbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74832?format=api", "vulnerability_id": "VCID-g6rj-h8np-g7ay", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer sandboxing or web security controls. Apps are only affected if they construct webPreferences from external or untrusted input without an allowlist. Apps that use a fixed, hardcoded webPreferences object are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02302", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34769" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34769", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455004", "reference_id": "2455004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455004" }, { "reference_url": "https://github.com/advisories/GHSA-9wfr-w7mm-pc7f", "reference_id": "GHSA-9wfr-w7mm-pc7f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9wfr-w7mm-pc7f" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f", "reference_id": "GHSA-9wfr-w7mm-pc7f", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:34:49Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373567?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373568?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373697?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34769", "GHSA-9wfr-w7mm-pc7f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6rj-h8np-g7ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75050?format=api", "vulnerability_id": "VCID-hd38-x6m6-5yds", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and Linux, apps that call app.requestSingleInstanceLock() were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same user as the Electron app. Apps that do not call app.requestSingleInstanceLock() are not affected. Windows is not affected by this issue. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02468", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02466", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34776" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34776", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455021", "reference_id": "2455021", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455021" }, { "reference_url": "https://github.com/advisories/GHSA-3c8v-cfp5-9885", "reference_id": "GHSA-3c8v-cfp5-9885", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3c8v-cfp5-9885" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885", "reference_id": "GHSA-3c8v-cfp5-9885", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:31:24Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373324?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373325?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373271?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34776", "GHSA-3c8v-cfp5-9885" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hd38-x6m6-5yds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74765?format=api", "vulnerability_id": "VCID-jk3h-fgjr-kffg", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle() / protocol.registerSchemesAsPrivileged() or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or value. An attacker who can influence a header value may be able to inject additional response headers, affecting cookies, content security policy, or cross-origin access controls. Apps that do not reflect external input into response headers are not affected. This issue has been patched in versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02238", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02234", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34767" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455000", "reference_id": "2455000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455000" }, { "reference_url": "https://github.com/advisories/GHSA-4p4r-m79c-wq3v", "reference_id": "GHSA-4p4r-m79c-wq3v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4p4r-m79c-wq3v" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v", "reference_id": "GHSA-4p4r-m79c-wq3v", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:46Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/374127?format=api", "purl": "pkg:npm/electron@39.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/374128?format=api", "purl": "pkg:npm/electron@40.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/374129?format=api", "purl": "pkg:npm/electron@41.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.3" } ], "aliases": [ "CVE-2026-34767", "GHSA-4p4r-m79c-wq3v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jk3h-fgjr-kffg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75241?format=api", "vulnerability_id": "VCID-k9uz-dsnp-6qev", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open() with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing context group. A renderer could navigate an existing child window that was opened by a different, unrelated renderer if both used the same target name. If that existing child was created with more permissive webPreferences (via setWindowOpenHandler's overrideBrowserWindowOptions), content loaded by the second renderer inherits those permissions. Apps are only affected if they open multiple top-level windows with differing trust levels and use setWindowOpenHandler to grant child windows elevated webPreferences such as a privileged preload script. Apps that do not elevate child window privileges, or that use a single top-level window, are not affected. Apps that additionally grant nodeIntegration: true or sandbox: false to child windows (contrary to the security recommendations) may be exposed to arbitrary code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07627", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0759", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34765" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v39.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v39.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v40.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v40.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v41.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v41.1.0" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34765" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456278", "reference_id": "2456278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456278" }, { "reference_url": "https://github.com/advisories/GHSA-f3pv-wv63-48x8", "reference_id": "GHSA-f3pv-wv63-48x8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f3pv-wv63-48x8" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8", "reference_id": "GHSA-f3pv-wv63-48x8", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:10Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374052?format=api", "purl": "pkg:npm/electron@39.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/374053?format=api", "purl": "pkg:npm/electron@40.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/374054?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/374055?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34765", "GHSA-f3pv-wv63-48x8" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k9uz-dsnp-6qev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74988?format=api", "vulnerability_id": "VCID-kznb-y8yr-7bds", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript() and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered and use the result of webContents.executeJavaScript() (or webFrameMain.executeJavaScript()) in security-sensitive decisions. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34778", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00656", "published_at": "2026-06-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00657", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34778" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34778", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455024", "reference_id": "2455024", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455024" }, { "reference_url": "https://github.com/advisories/GHSA-xj5x-m3f3-5x3h", "reference_id": "GHSA-xj5x-m3f3-5x3h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xj5x-m3f3-5x3h" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h", "reference_id": "GHSA-xj5x-m3f3-5x3h", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:50:39Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373324?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373325?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373271?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34778", "GHSA-xj5x-m3f3-5x3h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kznb-y8yr-7bds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20772?format=api", "vulnerability_id": "VCID-m48q-c84y-k7af", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14681", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14803", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46993" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46993", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46993" }, { "reference_url": "https://github.com/advisories/GHSA-6r2x-8pq8-9489", "reference_id": "GHSA-6r2x-8pq8-9489", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6r2x-8pq8-9489" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489", "reference_id": "GHSA-6r2x-8pq8-9489", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378715?format=api", "purl": "pkg:npm/electron@28.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/378716?format=api", "purl": "pkg:npm/electron@29.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/378717?format=api", "purl": "pkg:npm/electron@30.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-prfv-2m76-wkhm" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3" } ], "aliases": [ "CVE-2024-46993", "GHSA-6r2x-8pq8-9489" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m48q-c84y-k7af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74640?format=api", "vulnerability_id": "VCID-nng3-6g42-r3ge", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05798", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05773", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34771" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34771", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34771" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454995", "reference_id": "2454995", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454995" }, { "reference_url": "https://github.com/advisories/GHSA-8337-3p73-46f4", "reference_id": "GHSA-8337-3p73-46f4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8337-3p73-46f4" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4", "reference_id": "GHSA-8337-3p73-46f4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T16:04:11Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373567?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373568?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373697?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34771", "GHSA-8337-3p73-46f4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nng3-6g42-r3ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74782?format=api", "vulnerability_id": "VCID-p418-zdbc-tkfx", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process. Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34781", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00314", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00315", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34781" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287" }, { "reference_url": "https://github.com/electron/electron/pull/50475", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/50475" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v39.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v39.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v40.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v40.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v41.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v41.1.0" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34781" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456279", "reference_id": "2456279", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456279" }, { "reference_url": "https://github.com/advisories/GHSA-f37v-82c4-4x64", "reference_id": "GHSA-f37v-82c4-4x64", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f37v-82c4-4x64" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64", "reference_id": "GHSA-f37v-82c4-4x64", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:10:12Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374052?format=api", "purl": "pkg:npm/electron@39.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/374053?format=api", "purl": "pkg:npm/electron@40.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/374054?format=api", "purl": "pkg:npm/electron@41.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/374055?format=api", "purl": "pkg:npm/electron@42.0.0-alpha.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5" } ], "aliases": [ "CVE-2026-34781", "GHSA-f37v-82c4-4x64" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p418-zdbc-tkfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168554?format=api", "vulnerability_id": "VCID-qmpb-n4yn-9qdh", "summary": "Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23435", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2363", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4135" }, { "reference_url": "https://github.com/electron/electron/pull/36444", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/36444" }, { "reference_url": "https://github.com/electron/electron/pull/36447", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/36447" }, { "reference_url": "https://crbug.com/1392715", "reference_id": "1392715", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T14:45:12Z/" } ], "url": "https://crbug.com/1392715" }, { "reference_url": "https://security.gentoo.org/glsa/202305-10", "reference_id": "202305-10", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T14:45:12Z/" } ], "url": "https://security.gentoo.org/glsa/202305-10" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4135", "reference_id": "CVE-2022-4135", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4135" }, { "reference_url": "https://github.com/advisories/GHSA-995f-9x5r-2rcj", "reference_id": "GHSA-995f-9x5r-2rcj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-995f-9x5r-2rcj" }, { "reference_url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html", "reference_id": "stable-channel-update-for-desktop_24.html", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T14:45:12Z/" } ], "url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28058?format=api", "purl": "pkg:npm/electron@19.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-taqd-cs7f-mqas" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@19.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/598672?format=api", "purl": "pkg:npm/electron@20.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-taqd-cs7f-mqas" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@20.0.0-alpha.1" } ], "aliases": [ "CVE-2022-4135", "GHSA-995f-9x5r-2rcj" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmpb-n4yn-9qdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75155?format=api", "vulnerability_id": "VCID-szv3-rj5s-7kcy", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\\Software\\Classes\\, potentially hijacking existing protocol handlers. Apps are only affected if they call app.setAsDefaultProtocolClient() with a protocol name derived from external or untrusted input. Apps that use a hardcoded protocol name are not affected. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07978", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07943", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34773" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34773", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455025", "reference_id": "2455025", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455025" }, { "reference_url": "https://github.com/advisories/GHSA-mwmh-mq4g-g6gr", "reference_id": "GHSA-mwmh-mq4g-g6gr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mwmh-mq4g-g6gr" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr", "reference_id": "GHSA-mwmh-mq4g-g6gr", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:03:47Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373324?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373325?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373271?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34773", "GHSA-mwmh-mq4g-g6gr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-szv3-rj5s-7kcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167048?format=api", "vulnerability_id": "VCID-t4m4-64eg-j7eb", "summary": "The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36077.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36077.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26165", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25964", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36077" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141029", "reference_id": "2141029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141029" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36077", "reference_id": "CVE-2022-36077", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36077" }, { "reference_url": "https://github.com/advisories/GHSA-p2jh-44qj-pf2v", "reference_id": "GHSA-p2jh-44qj-pf2v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p2jh-44qj-pf2v" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v", "reference_id": "GHSA-p2jh-44qj-pf2v", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:49:23Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27801?format=api", "purl": "pkg:npm/electron@19.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-qmpb-n4yn-9qdh" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-taqd-cs7f-mqas" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@19.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/27803?format=api", "purl": "pkg:npm/electron@20.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-taqd-cs7f-mqas" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@20.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/596202?format=api", "purl": "pkg:npm/electron@21.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-taqd-cs7f-mqas" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@21.0.1" } ], "aliases": [ "CVE-2022-36077", "GHSA-p2jh-44qj-pf2v" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4m4-64eg-j7eb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140659?format=api", "vulnerability_id": "VCID-taqd-cs7f-mqas", "summary": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37165", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36987", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29198" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29198", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29198" }, { "reference_url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support", "reference_id": "context-bridge#parameter--error--return-type-support", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/" } ], "url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support" }, { "reference_url": "https://github.com/advisories/GHSA-p7v2-p9m8-qqg7", "reference_id": "GHSA-p7v2-p9m8-qqg7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p7v2-p9m8-qqg7" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7", "reference_id": "GHSA-p7v2-p9m8-qqg7", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379722?format=api", "purl": "pkg:npm/electron@22.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/379723?format=api", "purl": "pkg:npm/electron@23.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/379724?format=api", "purl": "pkg:npm/electron@24.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/650048?format=api", "purl": "pkg:npm/electron@24.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-jw6f-farc-7bhq" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" }, { "vulnerability": "VCID-zj6v-hmj8-syfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/379725?format=api", "purl": "pkg:npm/electron@25.0.0-alpha.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.2" } ], "aliases": [ "CVE-2023-29198", "GHSA-p7v2-p9m8-qqg7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-taqd-cs7f-mqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74905?format=api", "vulnerability_id": "VCID-u65z-257u-jfgc", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's requested filters or was listed in exclusionFilters. The WebUSB security blocklist remained enforced regardless, so security-sensitive devices on the blocklist were not affected. The practical impact is limited to apps with unusual device-selection logic. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01411", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01409", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34766" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34766", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454998", "reference_id": "2454998", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454998" }, { "reference_url": "https://github.com/advisories/GHSA-9899-m83m-qhpj", "reference_id": "GHSA-9899-m83m-qhpj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9899-m83m-qhpj" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj", "reference_id": "GHSA-9899-m83m-qhpj", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:01Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373567?format=api", "purl": "pkg:npm/electron@39.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373568?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373697?format=api", "purl": "pkg:npm/electron@41.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8" } ], "aliases": [ "CVE-2026-34766", "GHSA-9899-m83m-qhpj" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u65z-257u-jfgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74670?format=api", "vulnerability_id": "VCID-ve97-xkqj-33aq", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open() may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption. Apps are only affected if they use offscreen rendering (webPreferences.offscreen: true) and their setWindowOpenHandler permits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected. This issue has been patched in versions 39.8.1, 40.7.0, and 41.0.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05872", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05845", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34774" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34774", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34774" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455026", "reference_id": "2455026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455026" }, { "reference_url": "https://github.com/advisories/GHSA-532v-xpq5-8h95", "reference_id": "GHSA-532v-xpq5-8h95", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-532v-xpq5-8h95" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95", "reference_id": "GHSA-532v-xpq5-8h95", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:28:41Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373324?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373568?format=api", "purl": "pkg:npm/electron@40.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/373271?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34774", "GHSA-532v-xpq5-8h95" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ve97-xkqj-33aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75246?format=api", "vulnerability_id": "VCID-xkbg-6qfc-jqe5", "summary": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler() was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter or webContents.getURL() may inadvertently grant permissions to embedded third-party content. The correct requesting URL remains available via details.requestingUrl. Apps that already check details.requestingUrl are not affected. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34777", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00527", "published_at": "2026-06-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0053", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34777" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34777", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34777" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455022", "reference_id": "2455022", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455022" }, { "reference_url": "https://github.com/advisories/GHSA-r5p7-gp4j-qhrx", "reference_id": "GHSA-r5p7-gp4j-qhrx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r5p7-gp4j-qhrx" }, { "reference_url": "https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx", "reference_id": "GHSA-r5p7-gp4j-qhrx", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:32:48Z/" } ], "url": "https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373268?format=api", "purl": "pkg:npm/electron@38.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-ve97-xkqj-33aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373324?format=api", "purl": "pkg:npm/electron@39.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373325?format=api", "purl": "pkg:npm/electron@40.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373271?format=api", "purl": "pkg:npm/electron@41.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e2ch-6mpc-ykhz" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-p418-zdbc-tkfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0" } ], "aliases": [ "CVE-2026-34777", "GHSA-r5p7-gp4j-qhrx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xkbg-6qfc-jqe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16185?format=api", "vulnerability_id": "VCID-zj6v-hmj8-syfy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04976", "scoring_system": "epss", "scoring_elements": "0.89945", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.04976", "scoring_system": "epss", "scoring_elements": "0.89912", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5217" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/electron/electron", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron" }, { "reference_url": "https://github.com/electron/electron/pull/40022", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40022" }, { "reference_url": "https://github.com/electron/electron/pull/40023", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40023" }, { "reference_url": "https://github.com/electron/electron/pull/40024", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40024" }, { "reference_url": "https://github.com/electron/electron/pull/40025", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40025" }, { "reference_url": "https://github.com/electron/electron/pull/40026", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/pull/40026" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v22.3.25", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v22.3.25" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v24.8.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v24.8.5" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v25.8.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v25.8.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v26.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v26.2.4" }, { "reference_url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/electron/electron/releases/tag/v27.0.0-beta.8" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182", "reference_id": "1053182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/11", "reference_id": "11", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/03/11", "reference_id": "11", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/11" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/12", "reference_id": "12", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/12", "reference_id": "12", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/14", "reference_id": "14", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/14" }, { "reference_url": "https://crbug.com/1486441", "reference_id": "1486441", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://crbug.com/1486441" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/16", "reference_id": "16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/16" }, { "reference_url": "https://twitter.com/maddiestone/status/1707163313711497266", "reference_id": "1707163313711497266", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://twitter.com/maddiestone/status/1707163313711497266" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/2" }, { "reference_url": "https://security.gentoo.org/glsa/202310-04", "reference_id": "202310-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202310-04" }, { "reference_url": "https://security.gentoo.org/glsa/202401-34", "reference_id": "202401-34", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security.gentoo.org/glsa/202401-34" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "reference_id": "3fbd1dca6a4d2dad332a2110d646e4ffef36d590", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/", "reference_id": "4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/30/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/30/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/01/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/01/5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/", "reference_id": "55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/28/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/02/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/09/29/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/09/29/9" }, { "reference_url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "reference_id": "af6dedd715f4307669366944cca6e0417b290282", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/", "reference_id": "AY642Z6JZODQJE7Z62CFREVUHEGCXGPD", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/", "reference_id": "BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2023-5217", "reference_id": "CVE-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-5217" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/", "reference_id": "CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5508", "reference_id": "dsa-5508", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5508" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5509", "reference_id": "dsa-5509", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5509" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5510", "reference_id": "dsa-5510", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5510" }, { "reference_url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g", "reference_id": "GHSA-qqvq-6xgj-jw8g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qqvq-6xgj-jw8g" }, { "reference_url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/", "reference_id": "google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/" }, { "reference_url": "https://support.apple.com/kb/HT213961", "reference_id": "HT213961", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213961" }, { "reference_url": "https://support.apple.com/kb/HT213972", "reference_id": "HT213972", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://support.apple.com/kb/HT213972" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/", "reference_id": "mfsa2023-44", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html" }, { "reference_url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/", "reference_id": "new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5426", "reference_id": "RHSA-2023:5426", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5427", "reference_id": "RHSA-2023:5427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5428", "reference_id": "RHSA-2023:5428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5429", "reference_id": "RHSA-2023:5429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5430", "reference_id": "RHSA-2023:5430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5432", "reference_id": "RHSA-2023:5432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5432" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5433", "reference_id": "RHSA-2023:5433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5434", "reference_id": "RHSA-2023:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5435", "reference_id": "RHSA-2023:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5436", "reference_id": "RHSA-2023:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5437", "reference_id": "RHSA-2023:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5438", "reference_id": "RHSA-2023:5438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5439", "reference_id": "RHSA-2023:5439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5440", "reference_id": "RHSA-2023:5440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5475", "reference_id": "RHSA-2023:5475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5477", "reference_id": "RHSA-2023:5477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5534", "reference_id": "RHSA-2023:5534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5535", "reference_id": "RHSA-2023:5535", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5535" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5536", "reference_id": "RHSA-2023:5536", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5536" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5537", "reference_id": "RHSA-2023:5537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5538", "reference_id": "RHSA-2023:5538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5539", "reference_id": "RHSA-2023:5539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5540", "reference_id": "RHSA-2023:5540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5540" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191", "reference_id": "show_bug.cgi?id=2241191", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191" }, { "reference_url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html", "reference_id": "stable-channel-update-for-desktop_27.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html" }, { "reference_url": "https://github.com/webmproject/libvpx/tags", "reference_id": "tags", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/tags" }, { "reference_url": "https://pastebin.com/TdkC4pDv", "reference_id": "TdkC4pDv", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://pastebin.com/TdkC4pDv" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/", "reference_id": "TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/" }, { "reference_url": "https://usn.ubuntu.com/6403-1/", "reference_id": "USN-6403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-1/" }, { "reference_url": "https://usn.ubuntu.com/6403-2/", "reference_id": "USN-6403-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-2/" }, { "reference_url": "https://usn.ubuntu.com/6403-3/", "reference_id": "USN-6403-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6403-3/" }, { "reference_url": "https://usn.ubuntu.com/6404-1/", "reference_id": "USN-6404-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6404-1/" }, { "reference_url": "https://usn.ubuntu.com/6405-1/", "reference_id": "USN-6405-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6405-1/" }, { "reference_url": "https://usn.ubuntu.com/7172-1/", "reference_id": "USN-7172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7172-1/" }, { "reference_url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1", "reference_id": "v1.13.1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/", "reference_id": "WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379776?format=api", "purl": "pkg:npm/electron@22.3.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/394245?format=api", "purl": "pkg:npm/electron@23.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-taqd-cs7f-mqas" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-vwut-z8ga-ckbe" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379777?format=api", "purl": "pkg:npm/electron@24.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/394247?format=api", "purl": "pkg:npm/electron@25.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-taqd-cs7f-mqas" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379778?format=api", "purl": "pkg:npm/electron@25.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/394248?format=api", "purl": "pkg:npm/electron@26.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-7fkm-hs48-13hw" }, { "vulnerability": "VCID-beaq-5xq8-d3es" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379779?format=api", "purl": "pkg:npm/electron@26.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/379780?format=api", "purl": "pkg:npm/electron@27.0.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-183u-hw9z-67bh" }, { "vulnerability": "VCID-32q7-z5g7-qude" }, { "vulnerability": "VCID-346j-kfxs-akf5" }, { "vulnerability": "VCID-4sa7-5jy6-jkf2" }, { "vulnerability": "VCID-6h3u-keqg-gufv" }, { "vulnerability": "VCID-f95q-8yva-pqbg" }, { "vulnerability": "VCID-g6rj-h8np-g7ay" }, { "vulnerability": "VCID-hd38-x6m6-5yds" }, { "vulnerability": "VCID-jk3h-fgjr-kffg" }, { "vulnerability": "VCID-k9uz-dsnp-6qev" }, { "vulnerability": "VCID-kznb-y8yr-7bds" }, { "vulnerability": "VCID-m48q-c84y-k7af" }, { "vulnerability": "VCID-nng3-6g42-r3ge" }, { "vulnerability": "VCID-p418-zdbc-tkfx" }, { "vulnerability": "VCID-szv3-rj5s-7kcy" }, { "vulnerability": "VCID-u65z-257u-jfgc" }, { "vulnerability": "VCID-ve97-xkqj-33aq" }, { "vulnerability": "VCID-xkbg-6qfc-jqe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.8" } ], "aliases": [ "CVE-2023-5217", "GHSA-qqvq-6xgj-jw8g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zj6v-hmj8-syfy" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/electron@19.0.1" }