{"url":"http://public2.vulnerablecode.io/api/packages/618894?format=json","purl":"pkg:npm/electron@20.1.2","type":"npm","namespace":"","name":"electron","version":"20.1.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"39.8.5","latest_non_vulnerable_version":"42.0.0-alpha.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349456?format=json","vulnerability_id":"VCID-2uv6-6zfm-x7c6","summary":"Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows\n### Impact\nOn Windows, `app.setAsDefaultProtocolClient(protocol)` did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under `HKCU\\Software\\Classes\\`, potentially hijacking existing protocol handlers.\n\nApps are only affected if they call `app.setAsDefaultProtocolClient()` with a protocol name derived from external or untrusted input. Apps that use a hardcoded protocol name are not affected.\n\n### Workarounds\nValidate the protocol name matches `/^[a-zA-Z][a-zA-Z0-9+.-]*$/` before passing it to `app.setAsDefaultProtocolClient()`.\n\n### Fixed Versions\n* `41.0.0`\n* `40.8.1`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34773","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0158","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05499","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05457","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05501","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07869","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07912","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07927","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08958","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08971","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08849","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08824","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09008","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34773"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:03:47Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34773","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455025","reference_id":"2455025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455025"},{"reference_url":"https://github.com/advisories/GHSA-mwmh-mq4g-g6gr","reference_id":"GHSA-mwmh-mq4g-g6gr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwmh-mq4g-g6gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994086?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994087?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994084?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34773","GHSA-mwmh-mq4g-g6gr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2uv6-6zfm-x7c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20059?format=json","vulnerability_id":"VCID-7eu1-94qk-nuar","summary":"ASAR Integrity bypass via filetype confusion in electron\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.  Apps without these fuses enabled are not impacted.  This issue is specific to macOS as these fuses are only currently supported on macOS.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too.  i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44402","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29605","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30051","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30111","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30147","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30108","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30058","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30071","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3005","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30004","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29816","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29749","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30183","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30232","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44402"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/39788","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/39788"},{"reference_url":"https://www.electronjs.org/docs/latest/tutorial/fuses","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.electronjs.org/docs/latest/tutorial/fuses"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44402","reference_id":"CVE-2023-44402","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44402"},{"reference_url":"https://github.com/advisories/GHSA-7m48-wc93-9g85","reference_id":"GHSA-7m48-wc93-9g85","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7m48-wc93-9g85"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85","reference_id":"GHSA-7m48-wc93-9g85","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59924?format=json","purl":"pkg:npm/electron@22.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.24"},{"url":"http://public2.vulnerablecode.io/api/packages/59925?format=json","purl":"pkg:npm/electron@24.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/59926?format=json","purl":"pkg:npm/electron@25.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/59928?format=json","purl":"pkg:npm/electron@26.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/61460?format=json","purl":"pkg:npm/electron@27.0.0-alpha.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7"},{"url":"http://public2.vulnerablecode.io/api/packages/59922?format=json","purl":"pkg:npm/electron@27.0.0-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1"}],"aliases":["CVE-2023-44402","GHSA-7m48-wc93-9g85"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7eu1-94qk-nuar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18956?format=json","vulnerability_id":"VCID-a795-r67e-p3ck","summary":"Improper Check for Unusual or Exceptional Conditions\nElectron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29198","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3528","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34797","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34921","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35013","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35034","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35398","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35268","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35319","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35331","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35373","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35293","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35315","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35352","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3535","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29198"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29198","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29198"},{"reference_url":"https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/"}],"url":"https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"},{"reference_url":"https://github.com/advisories/GHSA-p7v2-p9m8-qqg7","reference_id":"GHSA-p7v2-p9m8-qqg7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p7v2-p9m8-qqg7"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7","reference_id":"GHSA-p7v2-p9m8-qqg7","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59789?format=json","purl":"pkg:npm/electron@22.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"},{"vulnerability":"VCID-vp7h-hm4e-quaj"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/59790?format=json","purl":"pkg:npm/electron@23.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/59791?format=json","purl":"pkg:npm/electron@24.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/576145?format=json","purl":"pkg:npm/electron@24.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"},{"vulnerability":"VCID-vp7h-hm4e-quaj"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/59792?format=json","purl":"pkg:npm/electron@25.0.0-alpha.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.2"}],"aliases":["CVE-2023-29198","GHSA-p7v2-p9m8-qqg7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a795-r67e-p3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349470?format=json","vulnerability_id":"VCID-bh69-2dsz-2qbf","summary":"Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference\n### Impact\nAn undocumented `commandLineSwitches` webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct `webPreferences` by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer sandboxing or web security controls.\n\nApps are only affected if they construct `webPreferences` from external or untrusted input without an allowlist. Apps that use a fixed, hardcoded `webPreferences` object are not affected.\n\n### Workarounds\nDo not spread untrusted input into `webPreferences`. Use an explicit allowlist of permitted preference keys when constructing `BrowserWindow` or `webContents` options from external configuration.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.7.0`\n* `39.8.0`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, send an email to [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34769","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05422","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05465","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0543","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05919","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05896","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05884","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05955","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05936","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05926","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00639","published_at":"2026-04-26T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0064","published_at":"2026-04-29T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00636","published_at":"2026-04-24T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00638","published_at":"2026-04-21T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00754","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34769"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:34:49Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34769","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34769"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455004","reference_id":"2455004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455004"},{"reference_url":"https://github.com/advisories/GHSA-9wfr-w7mm-pc7f","reference_id":"GHSA-9wfr-w7mm-pc7f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wfr-w7mm-pc7f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994094?format=json","purl":"pkg:npm/electron@39.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994095?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994100?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34769","GHSA-9wfr-w7mm-pc7f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bh69-2dsz-2qbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349438?format=json","vulnerability_id":"VCID-cjzy-nxnq-ffdp","summary":"Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes\n### Impact\nThe `nodeIntegrationInWorker` webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with `nodeIntegrationInWorker: false` could still receive Node.js integration.\n\nApps are only affected if they enable `nodeIntegrationInWorker`. Apps that do not use `nodeIntegrationInWorker` are not affected.\n\n### Workarounds\nAvoid enabling `nodeIntegrationInWorker` in apps that also open child windows or embed content with differing webPreferences.\n\n### Fixed Versions\n* `41.0.0`\n* `40.8.4`\n* `39.8.4`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34775","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01183","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01716","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01688","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01692","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08851","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08773","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09618","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09747","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0959","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09731","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09767","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0978","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34775"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:52:56Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34775","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455023","reference_id":"2455023","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455023"},{"reference_url":"https://github.com/advisories/GHSA-xwr5-m59h-vwqr","reference_id":"GHSA-xwr5-m59h-vwqr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xwr5-m59h-vwqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994082?format=json","purl":"pkg:npm/electron@39.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/994083?format=json","purl":"pkg:npm/electron@40.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/994084?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34775","GHSA-xwr5-m59h-vwqr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjzy-nxnq-ffdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349451?format=json","vulnerability_id":"VCID-erya-bqnr-1qht","summary":"Electron: Use-after-free in download save dialog callback\n### Impact\nApps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption.\n\nApps that do not destroy sessions at runtime, or that do not permit downloads, are not affected.\n\n### Workarounds\nAvoid destroying sessions while a download save dialog may be open. Cancel pending downloads before session teardown.\n\n### Fixed Versions\n* `41.0.0-beta.7`\n* `40.7.0`\n* `39.8.0`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34772","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02238","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02201","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02212","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02809","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03403","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03419","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03969","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04028","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03981","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04014","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03986","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04055","published_at":"2026-04-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00368","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34772"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:27:31Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34772","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34772"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455005","reference_id":"2455005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455005"},{"reference_url":"https://github.com/advisories/GHSA-9w97-2464-8783","reference_id":"GHSA-9w97-2464-8783","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9w97-2464-8783"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994094?format=json","purl":"pkg:npm/electron@39.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994095?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994096?format=json","purl":"pkg:npm/electron@41.0.0-beta.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-phbq-fatc-mbh2"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.7"}],"aliases":["CVE-2026-34772","GHSA-9w97-2464-8783"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-erya-bqnr-1qht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19209?format=json","vulnerability_id":"VCID-f81v-9fv8-93cd","summary":"Out-of-bounds Write\nHeap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5217","reference_id":"","reference_type":"","scores":[{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87744","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87722","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87728","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.8774","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87733","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87731","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03573","scoring_system":"epss","scoring_elements":"0.87745","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88729","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88723","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88738","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04175","scoring_system":"epss","scoring_elements":"0.88728","published_at":"2026-04-29T12:55:00Z"},{"value":"0.049","scoring_system":"epss","scoring_elements":"0.89576","published_at":"2026-04-07T12:55:00Z"},{"value":"0.049","scoring_system":"epss","scoring_elements":"0.89562","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5217"},{"reference_url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software"},{"reference_url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241191","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241191"},{"reference_url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html"},{"reference_url":"https://crbug.com/1486441","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://crbug.com/1486441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5217"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Oct/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Oct/12"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Oct/16","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Oct/16"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/40022","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40022"},{"reference_url":"https://github.com/electron/electron/pull/40023","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40023"},{"reference_url":"https://github.com/electron/electron/pull/40024","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40024"},{"reference_url":"https://github.com/electron/electron/pull/40025","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40025"},{"reference_url":"https://github.com/electron/electron/pull/40026","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/40026"},{"reference_url":"https://github.com/electron/electron/releases/tag/v22.3.25","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v22.3.25"},{"reference_url":"https://github.com/electron/electron/releases/tag/v24.8.5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v24.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v25.8.4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v25.8.4"},{"reference_url":"https://github.com/electron/electron/releases/tag/v26.2.4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v26.2.4"},{"reference_url":"https://github.com/electron/electron/releases/tag/v27.0.0-beta.8","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v27.0.0-beta.8"},{"reference_url":"https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590"},{"reference_url":"https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282"},{"reference_url":"https://github.com/webmproject/libvpx/releases/tag/v1.13.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/releases/tag/v1.13.1"},{"reference_url":"https://github.com/webmproject/libvpx/tags","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://github.com/webmproject/libvpx/tags"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/"},{"reference_url":"https://pastebin.com/TdkC4pDv","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://pastebin.com/TdkC4pDv"},{"reference_url":"https://security.gentoo.org/glsa/202310-04","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security.gentoo.org/glsa/202310-04"},{"reference_url":"https://security.gentoo.org/glsa/202401-34","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security.gentoo.org/glsa/202401-34"},{"reference_url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217"},{"reference_url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/"},{"reference_url":"https://support.apple.com/kb/HT213961","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://support.apple.com/kb/HT213961"},{"reference_url":"https://support.apple.com/kb/HT213972","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://support.apple.com/kb/HT213972"},{"reference_url":"https://twitter.com/maddiestone/status/1707163313711497266","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://twitter.com/maddiestone/status/1707163313711497266"},{"reference_url":"https://www.debian.org/security/2023/dsa-5508","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5508"},{"reference_url":"https://www.debian.org/security/2023/dsa-5509","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5509"},{"reference_url":"https://www.debian.org/security/2023/dsa-5510","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.debian.org/security/2023/dsa-5510"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"critical","scoring_system":"generic_textual","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/09/28/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/09/28/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/28/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/28/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/11"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/14","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/14"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/7","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/29/9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/29/9"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/09/30/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/09/30/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/01/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/01/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/02/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/02/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/03/11","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/03/11"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182","reference_id":"1053182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053182"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/","reference_id":"AY642Z6JZODQJE7Z62CFREVUHEGCXGPD","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5217","reference_id":"CVE-2023-5217","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5217"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2023-5217","reference_id":"CVE-2023-5217","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2023-5217"},{"reference_url":"https://github.com/advisories/GHSA-qqvq-6xgj-jw8g","reference_id":"GHSA-qqvq-6xgj-jw8g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqvq-6xgj-jw8g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5426","reference_id":"RHSA-2023:5426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5427","reference_id":"RHSA-2023:5427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5428","reference_id":"RHSA-2023:5428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5429","reference_id":"RHSA-2023:5429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5430","reference_id":"RHSA-2023:5430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5432","reference_id":"RHSA-2023:5432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5433","reference_id":"RHSA-2023:5433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5434","reference_id":"RHSA-2023:5434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5435","reference_id":"RHSA-2023:5435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5436","reference_id":"RHSA-2023:5436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5437","reference_id":"RHSA-2023:5437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5438","reference_id":"RHSA-2023:5438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5439","reference_id":"RHSA-2023:5439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5440","reference_id":"RHSA-2023:5440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5475","reference_id":"RHSA-2023:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5477","reference_id":"RHSA-2023:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5534","reference_id":"RHSA-2023:5534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5535","reference_id":"RHSA-2023:5535","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5535"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5536","reference_id":"RHSA-2023:5536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5537","reference_id":"RHSA-2023:5537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5538","reference_id":"RHSA-2023:5538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5539","reference_id":"RHSA-2023:5539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5540","reference_id":"RHSA-2023:5540","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5540"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/","reference_id":"TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:38:17Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/"},{"reference_url":"https://usn.ubuntu.com/6403-1/","reference_id":"USN-6403-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-1/"},{"reference_url":"https://usn.ubuntu.com/6403-2/","reference_id":"USN-6403-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-2/"},{"reference_url":"https://usn.ubuntu.com/6403-3/","reference_id":"USN-6403-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6403-3/"},{"reference_url":"https://usn.ubuntu.com/6404-1/","reference_id":"USN-6404-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6404-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"},{"reference_url":"https://usn.ubuntu.com/7172-1/","reference_id":"USN-7172-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7172-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60242?format=json","purl":"pkg:npm/electron@22.3.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.25"},{"url":"http://public2.vulnerablecode.io/api/packages/59748?format=json","purl":"pkg:npm/electron@23.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-e5ej-zf6n-suf5"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60243?format=json","purl":"pkg:npm/electron@24.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/59752?format=json","purl":"pkg:npm/electron@25.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-a795-r67e-p3ck"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60244?format=json","purl":"pkg:npm/electron@25.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/59753?format=json","purl":"pkg:npm/electron@26.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"},{"vulnerability":"VCID-w7f7-5frp-n3br"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60245?format=json","purl":"pkg:npm/electron@26.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/60246?format=json","purl":"pkg:npm/electron@27.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.8"}],"aliases":["CVE-2023-5217","GHSA-qqvq-6xgj-jw8g"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f81v-9fv8-93cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349505?format=json","vulnerability_id":"VCID-gxk8-9wc6-wkhs","summary":"Electron: Service worker can spoof executeJavaScript IPC replies\n### Impact\nA service worker running in a session could spoof reply messages on the internal IPC channel used by `webContents.executeJavaScript()` and related methods, causing the main-process promise to resolve with attacker-controlled data.\n\nApps are only affected if they have service workers registered and use the result of `webContents.executeJavaScript()` (or `webFrameMain.executeJavaScript()`) in security-sensitive decisions.\n\n### Workarounds\nDo not trust the return value of `webContents.executeJavaScript()` for security decisions. Use dedicated, validated IPC channels for security-relevant communication with renderers.\n\n### Fixed Versions\n* `41.0.0`\n* `40.8.1`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34778","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02427","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02431","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03226","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03253","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03295","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03189","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03178","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03205","published_at":"2026-04-13T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00434","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00312","published_at":"2026-04-21T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00313","published_at":"2026-04-24T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00311","published_at":"2026-04-26T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00307","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34778"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:50:39Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34778","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34778"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455024","reference_id":"2455024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455024"},{"reference_url":"https://github.com/advisories/GHSA-xj5x-m3f3-5x3h","reference_id":"GHSA-xj5x-m3f3-5x3h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj5x-m3f3-5x3h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994086?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994087?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994084?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34778","GHSA-xj5x-m3f3-5x3h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxk8-9wc6-wkhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349461?format=json","vulnerability_id":"VCID-hynm-7wty-ruhq","summary":"Electron: AppleScript injection in app.moveToApplicationsFolder on macOS\n### Impact\nOn macOS, `app.moveToApplicationsFolder()` used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt.\n\nApps are only affected if they call `app.moveToApplicationsFolder()`. Apps that do not use this API are not affected.\n\n### Workarounds\nThere are no app side workarounds, developers must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34779","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06306","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0633","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06393","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06353","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06913","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06929","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07132","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07143","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07124","published_at":"2026-04-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00955","published_at":"2026-04-29T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00954","published_at":"2026-05-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00958","published_at":"2026-04-24T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00962","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34779"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:49:50Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34779","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34779"},{"reference_url":"https://github.com/advisories/GHSA-5rqw-r77c-jp79","reference_id":"GHSA-5rqw-r77c-jp79","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5rqw-r77c-jp79"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994086?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994099?format=json","purl":"pkg:npm/electron@40.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994100?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34779","GHSA-5rqw-r77c-jp79"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hynm-7wty-ruhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30106?format=json","vulnerability_id":"VCID-j7d6-zp3s-67fq","summary":"Electron vulnerable to Heap Buffer Overflow in NativeImage\n### Impact\nThe `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.\n\n### Workaround\nThere are no app-side workarounds for this issue. You must update your Electron version to be protected.\n\n### Patches\n\n- `v28.3.2`\n- `v29.3.3`\n- `v30.0.3`\n\n### For More Information\n\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46993","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07806","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07839","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07882","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0773","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07744","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0783","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07844","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07785","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07831","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07856","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07865","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07788","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22125","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22228","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46993"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46993","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46993"},{"reference_url":"https://github.com/advisories/GHSA-6r2x-8pq8-9489","reference_id":"GHSA-6r2x-8pq8-9489","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r2x-8pq8-9489"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70896?format=json","purl":"pkg:npm/electron@28.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/70897?format=json","purl":"pkg:npm/electron@29.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/70898?format=json","purl":"pkg:npm/electron@30.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-fuwj-56jp-tyds"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3"}],"aliases":["CVE-2024-46993","GHSA-6r2x-8pq8-9489"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7d6-zp3s-67fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349510?format=json","vulnerability_id":"VCID-k7gj-cczw-wfeb","summary":"Electron: Incorrect origin passed to permission request handler for iframe requests\n### Impact\nWhen an iframe requests `fullscreen`, `pointerLock`, `keyboardLock`, `openExternal`, or `media` permissions, the origin passed to `session.setPermissionRequestHandler()` was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter or `webContents.getURL()` may inadvertently grant permissions to embedded third-party content.\n\nThe correct requesting URL remains available via `details.requestingUrl`. Apps that already check `details.requestingUrl` are not affected.\n\n### Workarounds\nIn your `setPermissionRequestHandler`, inspect `details.requestingUrl` rather than the origin parameter or `webContents.getURL()` when deciding whether to grant `fullscreen`, `pointerLock`, `keyboardLock`, `openExternal`, or `media` permissions.\n\n### Fixed Versions\n* `41.0.0`\n* `40.8.1`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34777","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02646","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02653","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02651","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03224","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03209","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03199","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03315","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03245","published_at":"2026-04-12T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00289","published_at":"2026-04-29T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00294","published_at":"2026-04-26T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00296","published_at":"2026-04-24T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0036","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34777"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:32:48Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34777","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34777"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455022","reference_id":"2455022","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455022"},{"reference_url":"https://github.com/advisories/GHSA-r5p7-gp4j-qhrx","reference_id":"GHSA-r5p7-gp4j-qhrx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r5p7-gp4j-qhrx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994086?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994087?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994084?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34777","GHSA-r5p7-gp4j-qhrx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k7gj-cczw-wfeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349479?format=json","vulnerability_id":"VCID-ktbs-t8kb-5kch","summary":"Electron: Use-after-free in PowerMonitor on Windows and macOS\n### Impact\nApps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.\n\nAll apps that access `powerMonitor` events (`suspend`, `resume`, `lock-screen`, etc.) are potentially affected. The issue is not directly renderer-controllable.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34770","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02212","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02238","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02201","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02809","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03305","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0329","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03299","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03958","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0387","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03861","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03881","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03927","published_at":"2026-04-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00354","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34770"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T19:09:58Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34770","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34770"},{"reference_url":"https://github.com/advisories/GHSA-jjp3-mq3x-295m","reference_id":"GHSA-jjp3-mq3x-295m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjp3-mq3x-295m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994086?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994099?format=json","purl":"pkg:npm/electron@40.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994100?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34770","GHSA-jjp3-mq3x-295m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktbs-t8kb-5kch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25726?format=json","vulnerability_id":"VCID-qd52-rbd7-qkbn","summary":"Electron has ASAR Integrity Bypass via resource modification\n### Impact\nThis only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.  Apps without these fuses enabled are not impacted.\n\nSpecifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too.  i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `38.0.0-beta.6`\n* `37.3.1`\n* `36.8.1`\n* `35.7.5`\n\n### For more information\nIf you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55305","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00389","published_at":"2026-04-29T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00393","published_at":"2026-04-26T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00369","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00365","published_at":"2026-04-16T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0037","published_at":"2026-04-13T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00392","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00375","published_at":"2026-04-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00378","published_at":"2026-04-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00377","published_at":"2026-04-08T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0038","published_at":"2026-04-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00372","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55305"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b"},{"reference_url":"https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1"},{"reference_url":"https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d"},{"reference_url":"https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee"},{"reference_url":"https://github.com/electron/electron/pull/48101","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48101"},{"reference_url":"https://github.com/electron/electron/pull/48102","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48102"},{"reference_url":"https://github.com/electron/electron/pull/48103","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48103"},{"reference_url":"https://github.com/electron/electron/pull/48104","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48104"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55305","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393398","reference_id":"2393398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393398"},{"reference_url":"https://github.com/advisories/GHSA-vmqv-hx8q-j7mg","reference_id":"GHSA-vmqv-hx8q-j7mg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vmqv-hx8q-j7mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68977?format=json","purl":"pkg:npm/electron@35.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/68978?format=json","purl":"pkg:npm/electron@36.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68979?format=json","purl":"pkg:npm/electron@37.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/68980?format=json","purl":"pkg:npm/electron@38.0.0-beta.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6"}],"aliases":["CVE-2025-55305","GHSA-vmqv-hx8q-j7mg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qd52-rbd7-qkbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349525?format=json","vulnerability_id":"VCID-r7j1-66md-zkak","summary":"Electron: USB device selection not validated against filtered device list\n### Impact\nThe `select-usb-device` event callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's requested `filters` or was listed in `exclusionFilters`.\n\nThe WebUSB security blocklist remained enforced regardless, so security-sensitive devices on the blocklist were not affected. The practical impact is limited to apps with unusual device-selection logic.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.7.0`\n* `39.8.0`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, send an email to [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34766","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01302","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01307","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06559","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06648","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0664","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06655","published_at":"2026-04-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00802","published_at":"2026-04-21T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00799","published_at":"2026-04-29T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00804","published_at":"2026-04-26T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00803","published_at":"2026-04-24T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01031","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34766"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:01Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34766","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454998","reference_id":"2454998","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454998"},{"reference_url":"https://github.com/advisories/GHSA-9899-m83m-qhpj","reference_id":"GHSA-9899-m83m-qhpj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9899-m83m-qhpj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994094?format=json","purl":"pkg:npm/electron@39.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994095?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994100?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34766","GHSA-9899-m83m-qhpj"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r7j1-66md-zkak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349507?format=json","vulnerability_id":"VCID-t1z9-bmnv-57bm","summary":"Electron: HTTP Response Header Injection in custom protocol handlers and webRequest\n### Impact\nApps that register custom protocol handlers via `protocol.handle()` / `protocol.registerSchemesAsPrivileged()` or modify response headers via `webRequest.onHeadersReceived` may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or value.\n\nAn attacker who can influence a header value may be able to inject additional response headers, affecting cookies, content security policy, or cross-origin access controls.\n\nApps that do not reflect external input into response headers are not affected.\n\n### Workarounds\nValidate or sanitize any untrusted input before including it in a response header name or value.\n\n### Fixed Versions\n* `41.0.3`\n* `40.8.3`\n* `39.8.3`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, send an email to [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34767","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01535","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01281","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01285","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0128","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01274","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08164","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08159","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08105","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08944","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09178","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09288","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0918","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09301","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0933","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34767"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:46Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34767","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455000","reference_id":"2455000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455000"},{"reference_url":"https://github.com/advisories/GHSA-4p4r-m79c-wq3v","reference_id":"GHSA-4p4r-m79c-wq3v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p4r-m79c-wq3v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994113?format=json","purl":"pkg:npm/electron@39.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/994114?format=json","purl":"pkg:npm/electron@40.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/994115?format=json","purl":"pkg:npm/electron@41.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.3"}],"aliases":["CVE-2026-34767","GHSA-4p4r-m79c-wq3v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1z9-bmnv-57bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349496?format=json","vulnerability_id":"VCID-ttvv-eca2-sfhu","summary":"Electron: Use-after-free in offscreen child window paint callback\n### Impact\nApps that use offscreen rendering and allow child windows via `window.open()` may be vulnerable to a use-after-free. If the parent offscreen `WebContents` is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption.\n\nApps are only affected if they use offscreen rendering (`webPreferences.offscreen: true`) and their `setWindowOpenHandler` permits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected.\n\n### Workarounds\nDeny child window creation from offscreen renderers in your `setWindowOpenHandler`, or ensure child windows are closed before the parent is destroyed.\n\n### Fixed Versions\n* `41.0.0`\n* `40.7.0`\n* `39.8.1`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34774","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04115","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04664","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04638","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04604","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05329","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1754","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17549","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17595","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17691","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34774"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:28:41Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34774","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34774"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455026","reference_id":"2455026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455026"},{"reference_url":"https://github.com/advisories/GHSA-532v-xpq5-8h95","reference_id":"GHSA-532v-xpq5-8h95","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-532v-xpq5-8h95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994086?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994095?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994084?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34774","GHSA-532v-xpq5-8h95"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttvv-eca2-sfhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349489?format=json","vulnerability_id":"VCID-uwqv-4aqn-87fd","summary":"Electron: Unquoted executable path in app.setLoginItemSettings on Windows\n### Impact\nOn Windows, `app.setLoginItemSettings({openAtLogin: true})` wrote the executable path to the `Run` registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login instead of the intended app.\n\nOn a default Windows install, standard system directories are protected against writes by standard users, so exploitation typically requires a non-standard install location.\n\n### Workarounds\nInstall the application to a path without spaces, or to a location where all ancestor directories are protected against unauthorized writes.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, send an email to [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34768","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01499","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0151","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01506","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01967","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01949","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01948","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01987","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01971","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03196","published_at":"2026-04-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00313","published_at":"2026-04-24T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00308","published_at":"2026-04-29T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00437","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00311","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34768"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:08:45Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34768","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34768"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454996","reference_id":"2454996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454996"},{"reference_url":"https://github.com/advisories/GHSA-jfqx-fxh3-c62j","reference_id":"GHSA-jfqx-fxh3-c62j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfqx-fxh3-c62j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994086?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994099?format=json","purl":"pkg:npm/electron@40.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994100?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34768","GHSA-jfqx-fxh3-c62j"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwqv-4aqn-87fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349442?format=json","vulnerability_id":"VCID-vda9-xbsz-d7fm","summary":"Electron: Out-of-bounds read in second-instance IPC on macOS and Linux\n### Impact\nOn macOS and Linux, apps that call `app.requestSingleInstanceLock()` were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's `second-instance` event handler.\n\nThis issue is limited to processes running as the same user as the Electron app.\n\nApps that do not call `app.requestSingleInstanceLock()` are not affected. Windows is not affected by this issue.\n\n### Workarounds\nThere are no app side workarounds, developers must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0`\n* `40.8.1`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34776","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0121","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01662","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02182","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02178","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0285","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02917","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02889","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0286","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00401","published_at":"2026-04-24T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00402","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34776"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:31:24Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34776","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455021","reference_id":"2455021","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455021"},{"reference_url":"https://github.com/advisories/GHSA-3c8v-cfp5-9885","reference_id":"GHSA-3c8v-cfp5-9885","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3c8v-cfp5-9885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994086?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994087?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/994084?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-t1z9-bmnv-57bm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34776","GHSA-3c8v-cfp5-9885"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vda9-xbsz-d7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349462?format=json","vulnerability_id":"VCID-vp7h-hm4e-quaj","summary":"Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks\n### Impact\nApps that register an asynchronous `session.setPermissionRequestHandler()` may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption.\n\nApps that do not set a permission request handler, or whose handler responds synchronously, are not affected.\n\n### Workarounds\nRespond to permission requests synchronously, or deny fullscreen, pointer-lock, and keyboard-lock requests if an asynchronous flow is required.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.7.0`\n* `39.8.0`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34771","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02859","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0369","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03645","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03641","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04441","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11788","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11918","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11704","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12798","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12942","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12802","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12898","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13018","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12978","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34771"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T16:04:11Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34771","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34771"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454995","reference_id":"2454995","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454995"},{"reference_url":"https://github.com/advisories/GHSA-8337-3p73-46f4","reference_id":"GHSA-8337-3p73-46f4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8337-3p73-46f4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994081?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-ttvv-eca2-sfhu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/994094?format=json","purl":"pkg:npm/electron@39.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994095?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/994100?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7yvz-624p-m7fe"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-vda9-xbsz-d7fm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34771","GHSA-8337-3p73-46f4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vp7h-hm4e-quaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18912?format=json","vulnerability_id":"VCID-w7f7-5frp-n3br","summary":"Improper Control of Generation of Code ('Code Injection')\nElectron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39956","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07564","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07649","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07635","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07559","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07548","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07687","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07637","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07615","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07579","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07567","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07609","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07643","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07661","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39956"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39956","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39956"},{"reference_url":"https://github.com/advisories/GHSA-7x97-j373-85x5","reference_id":"GHSA-7x97-j373-85x5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7x97-j373-85x5"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5","reference_id":"GHSA-7x97-j373-85x5","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:20Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59754?format=json","purl":"pkg:npm/electron@22.3.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/576213?format=json","purl":"pkg:npm/electron@22.3.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.21"},{"url":"http://public2.vulnerablecode.io/api/packages/59755?format=json","purl":"pkg:npm/electron@23.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/59756?format=json","purl":"pkg:npm/electron@24.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/59757?format=json","purl":"pkg:npm/electron@25.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/59758?format=json","purl":"pkg:npm/electron@26.0.0-beta.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.13"},{"url":"http://public2.vulnerablecode.io/api/packages/59921?format=json","purl":"pkg:npm/electron@26.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uv6-6zfm-x7c6"},{"vulnerability":"VCID-7eu1-94qk-nuar"},{"vulnerability":"VCID-bh69-2dsz-2qbf"},{"vulnerability":"VCID-cjzy-nxnq-ffdp"},{"vulnerability":"VCID-erya-bqnr-1qht"},{"vulnerability":"VCID-f81v-9fv8-93cd"},{"vulnerability":"VCID-gxk8-9wc6-wkhs"},{"vulnerability":"VCID-hynm-7wty-ruhq"},{"vulnerability":"VCID-j7d6-zp3s-67fq"},{"vulnerability":"VCID-k7gj-cczw-wfeb"},{"vulnerability":"VCID-ktbs-t8kb-5kch"},{"vulnerability":"VCID-qd52-rbd7-qkbn"},{"vulnerability":"VCID-r7j1-66md-zkak"},{"vulnerability":"VCID-t1z9-bmnv-57bm"},{"vulnerability":"VCID-ttvv-eca2-sfhu"},{"vulnerability":"VCID-uwqv-4aqn-87fd"},{"vulnerability":"VCID-vda9-xbsz-d7fm"},{"vulnerability":"VCID-vdzj-kqfy-d3b7"},{"vulnerability":"VCID-vp7h-hm4e-quaj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0"}],"aliases":["CVE-2023-39956","GHSA-7x97-j373-85x5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7f7-5frp-n3br"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@20.1.2"}