{"url":"http://public2.vulnerablecode.io/api/packages/650100?format=json","purl":"pkg:npm/electron@26.0.0-beta.8","type":"npm","namespace":"","name":"electron","version":"26.0.0-beta.8","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"26.0.0-beta.13","latest_non_vulnerable_version":"42.0.0-alpha.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74859?format=json","vulnerability_id":"VCID-183u-hw9z-67bh","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettings({openAtLogin: true}) wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login instead of the intended app. On a default Windows install, standard system directories are protected against writes by standard users, so exploitation typically requires a non-standard install location. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34768","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00458","published_at":"2026-06-12T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00461","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34768"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34768","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34768"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454996","reference_id":"2454996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454996"},{"reference_url":"https://github.com/advisories/GHSA-jfqx-fxh3-c62j","reference_id":"GHSA-jfqx-fxh3-c62j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfqx-fxh3-c62j"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j","reference_id":"GHSA-jfqx-fxh3-c62j","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:08:45Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373324?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373696?format=json","purl":"pkg:npm/electron@40.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373697?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34768","GHSA-jfqx-fxh3-c62j"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-183u-hw9z-67bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75257?format=json","vulnerability_id":"VCID-32q7-z5g7-qude","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable nodeIntegrationInWorker. Apps that do not use nodeIntegrationInWorker are not affected. This issue has been patched in versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34775","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03089","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03077","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34775"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34775","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455023","reference_id":"2455023","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455023"},{"reference_url":"https://github.com/advisories/GHSA-xwr5-m59h-vwqr","reference_id":"GHSA-xwr5-m59h-vwqr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xwr5-m59h-vwqr"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr","reference_id":"GHSA-xwr5-m59h-vwqr","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:52:56Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373269?format=json","purl":"pkg:npm/electron@39.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373270?format=json","purl":"pkg:npm/electron@40.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/373271?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34775","GHSA-xwr5-m59h-vwqr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32q7-z5g7-qude"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121385?format=json","vulnerability_id":"VCID-346j-kfxs-akf5","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass via resource modification. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is fixed in versions 35.7.5, 36.8.1, 37.3.1 and 38.0.0-beta.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55305","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00955","published_at":"2026-06-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00953","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55305"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55305","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393398","reference_id":"2393398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393398"},{"reference_url":"https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b","reference_id":"23a02934510fcf951428e14573d9b2d2a3c4f28b","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/23a02934510fcf951428e14573d9b2d2a3c4f28b"},{"reference_url":"https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1","reference_id":"2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/2e5a0b7220ebf955c6785cc5adb2e2b1cf77dac1"},{"reference_url":"https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d","reference_id":"3f92511cdecc39f46b0e86cce40a0c691e301c9d","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/3f92511cdecc39f46b0e86cce40a0c691e301c9d"},{"reference_url":"https://github.com/electron/electron/pull/48101","reference_id":"48101","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48101"},{"reference_url":"https://github.com/electron/electron/pull/48102","reference_id":"48102","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48102"},{"reference_url":"https://github.com/electron/electron/pull/48103","reference_id":"48103","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48103"},{"reference_url":"https://github.com/electron/electron/pull/48104","reference_id":"48104","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/pull/48104"},{"reference_url":"https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee","reference_id":"fdf29ce83870109d403f5c23ae529dbd0e8f4fee","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/commit/fdf29ce83870109d403f5c23ae529dbd0e8f4fee"},{"reference_url":"https://github.com/advisories/GHSA-vmqv-hx8q-j7mg","reference_id":"GHSA-vmqv-hx8q-j7mg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vmqv-hx8q-j7mg"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg","reference_id":"GHSA-vmqv-hx8q-j7mg","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T15:44:19Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376826?format=json","purl":"pkg:npm/electron@35.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-6h3u-keqg-gufv"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/376827?format=json","purl":"pkg:npm/electron@36.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-6h3u-keqg-gufv"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/376828?format=json","purl":"pkg:npm/electron@37.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-6h3u-keqg-gufv"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/376829?format=json","purl":"pkg:npm/electron@38.0.0-beta.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-6h3u-keqg-gufv"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6"}],"aliases":["CVE-2025-55305","GHSA-vmqv-hx8q-j7mg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-346j-kfxs-akf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74842?format=json","vulnerability_id":"VCID-4sa7-5jy6-jkf2","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption. All apps that access powerMonitor events (suspend, resume, lock-screen, etc.) are potentially affected. The issue is not directly renderer-controllable. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34770","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04122","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04105","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34770"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34770","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34770"},{"reference_url":"https://github.com/advisories/GHSA-jjp3-mq3x-295m","reference_id":"GHSA-jjp3-mq3x-295m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjp3-mq3x-295m"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m","reference_id":"GHSA-jjp3-mq3x-295m","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T19:09:58Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373324?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373696?format=json","purl":"pkg:npm/electron@40.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373697?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34770","GHSA-jjp3-mq3x-295m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sa7-5jy6-jkf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74761?format=json","vulnerability_id":"VCID-6h3u-keqg-gufv","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34772","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04122","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04105","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34772"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34772","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34772"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455005","reference_id":"2455005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455005"},{"reference_url":"https://github.com/advisories/GHSA-9w97-2464-8783","reference_id":"GHSA-9w97-2464-8783","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9w97-2464-8783"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783","reference_id":"GHSA-9w97-2464-8783","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:27:31Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373567?format=json","purl":"pkg:npm/electron@39.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373569?format=json","purl":"pkg:npm/electron@41.0.0-beta.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-59fc-ch9h-a7fu"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.7"}],"aliases":["CVE-2026-34772","GHSA-9w97-2464-8783"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6h3u-keqg-gufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356844?format=json","vulnerability_id":"VCID-7fkm-hs48-13hw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44402","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29719","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29916","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-44402"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/pull/39788","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/39788"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44402","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-44402"},{"reference_url":"https://github.com/advisories/GHSA-7m48-wc93-9g85","reference_id":"GHSA-7m48-wc93-9g85","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7m48-wc93-9g85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379849?format=json","purl":"pkg:npm/electron@26.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-346j-kfxs-akf5"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-6h3u-keqg-gufv"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-m48q-c84y-k7af"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"},{"vulnerability":"VCID-zj6v-hmj8-syfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/380265?format=json","purl":"pkg:npm/electron@27.0.0-alpha.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7"},{"url":"http://public2.vulnerablecode.io/api/packages/394304?format=json","purl":"pkg:npm/electron@27.0.0-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-346j-kfxs-akf5"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-6h3u-keqg-gufv"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-jw6f-farc-7bhq"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-m48q-c84y-k7af"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"},{"vulnerability":"VCID-zj6v-hmj8-syfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1"}],"aliases":["CVE-2023-44402","GHSA-7m48-wc93-9g85"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fkm-hs48-13hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139648?format=json","vulnerability_id":"VCID-beaq-5xq8-d3es","summary":"Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted.   Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance.  This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39956","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0799","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07955","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39956"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39956","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39956"},{"reference_url":"https://github.com/advisories/GHSA-7x97-j373-85x5","reference_id":"GHSA-7x97-j373-85x5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7x97-j373-85x5"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5","reference_id":"GHSA-7x97-j373-85x5","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:20Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379842?format=json","purl":"pkg:npm/electron@26.0.0-beta.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.13"},{"url":"http://public2.vulnerablecode.io/api/packages/394303?format=json","purl":"pkg:npm/electron@26.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-346j-kfxs-akf5"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-6h3u-keqg-gufv"},{"vulnerability":"VCID-7fkm-hs48-13hw"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-jw6f-farc-7bhq"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-m48q-c84y-k7af"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"},{"vulnerability":"VCID-zj6v-hmj8-syfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0"}],"aliases":["CVE-2023-39956","GHSA-7x97-j373-85x5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-beaq-5xq8-d3es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74959?format=json","vulnerability_id":"VCID-f95q-8yva-pqbg","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder() used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt. Apps are only affected if they call app.moveToApplicationsFolder(). Apps that do not use this API are not affected. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34779","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01569","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01567","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34779"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34779","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34779"},{"reference_url":"https://github.com/advisories/GHSA-5rqw-r77c-jp79","reference_id":"GHSA-5rqw-r77c-jp79","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5rqw-r77c-jp79"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79","reference_id":"GHSA-5rqw-r77c-jp79","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:49:50Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373324?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373696?format=json","purl":"pkg:npm/electron@40.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373697?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34779","GHSA-5rqw-r77c-jp79"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f95q-8yva-pqbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74832?format=json","vulnerability_id":"VCID-g6rj-h8np-g7ay","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer sandboxing or web security controls. Apps are only affected if they construct webPreferences from external or untrusted input without an allowlist. Apps that use a fixed, hardcoded webPreferences object are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34769","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02302","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34769"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34769","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34769"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455004","reference_id":"2455004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455004"},{"reference_url":"https://github.com/advisories/GHSA-9wfr-w7mm-pc7f","reference_id":"GHSA-9wfr-w7mm-pc7f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wfr-w7mm-pc7f"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f","reference_id":"GHSA-9wfr-w7mm-pc7f","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:34:49Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373567?format=json","purl":"pkg:npm/electron@39.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373697?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34769","GHSA-9wfr-w7mm-pc7f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6rj-h8np-g7ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75050?format=json","vulnerability_id":"VCID-hd38-x6m6-5yds","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and Linux, apps that call app.requestSingleInstanceLock() were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same user as the Electron app. Apps that do not call app.requestSingleInstanceLock() are not affected. Windows is not affected by this issue. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34776","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02468","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02466","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34776"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34776","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455021","reference_id":"2455021","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455021"},{"reference_url":"https://github.com/advisories/GHSA-3c8v-cfp5-9885","reference_id":"GHSA-3c8v-cfp5-9885","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3c8v-cfp5-9885"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885","reference_id":"GHSA-3c8v-cfp5-9885","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:31:24Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373324?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373325?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373271?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34776","GHSA-3c8v-cfp5-9885"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hd38-x6m6-5yds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74765?format=json","vulnerability_id":"VCID-jk3h-fgjr-kffg","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle() / protocol.registerSchemesAsPrivileged() or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or value. An attacker who can influence a header value may be able to inject additional response headers, affecting cookies, content security policy, or cross-origin access controls. Apps that do not reflect external input into response headers are not affected. This issue has been patched in versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34767","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02238","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02234","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34767"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34767","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455000","reference_id":"2455000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455000"},{"reference_url":"https://github.com/advisories/GHSA-4p4r-m79c-wq3v","reference_id":"GHSA-4p4r-m79c-wq3v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p4r-m79c-wq3v"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v","reference_id":"GHSA-4p4r-m79c-wq3v","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:46Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/374127?format=json","purl":"pkg:npm/electron@39.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/374128?format=json","purl":"pkg:npm/electron@40.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/374129?format=json","purl":"pkg:npm/electron@41.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.3"}],"aliases":["CVE-2026-34767","GHSA-4p4r-m79c-wq3v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jk3h-fgjr-kffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75241?format=json","vulnerability_id":"VCID-k9uz-dsnp-6qev","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open() with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing context group. A renderer could navigate an existing child window that was opened by a different, unrelated renderer if both used the same target name. If that existing child was created with more permissive webPreferences (via setWindowOpenHandler's overrideBrowserWindowOptions), content loaded by the second renderer inherits those permissions. Apps are only affected if they open multiple top-level windows with differing trust levels and use setWindowOpenHandler to grant child windows elevated webPreferences such as a privileged preload script. Apps that do not elevate child window privileges, or that use a single top-level window, are not affected. Apps that additionally grant nodeIntegration: true or sandbox: false to child windows (contrary to the security recommendations) may be exposed to arbitrary code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34765","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07627","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0759","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34765"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/releases/tag/v39.8.5","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v39.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v40.8.5","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v40.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v41.1.0","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v41.1.0"},{"reference_url":"https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34765","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34765"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456278","reference_id":"2456278","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456278"},{"reference_url":"https://github.com/advisories/GHSA-f3pv-wv63-48x8","reference_id":"GHSA-f3pv-wv63-48x8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f3pv-wv63-48x8"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8","reference_id":"GHSA-f3pv-wv63-48x8","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:10Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374052?format=json","purl":"pkg:npm/electron@39.8.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/374053?format=json","purl":"pkg:npm/electron@40.8.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/374054?format=json","purl":"pkg:npm/electron@41.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/374055?format=json","purl":"pkg:npm/electron@42.0.0-alpha.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5"}],"aliases":["CVE-2026-34765","GHSA-f3pv-wv63-48x8"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k9uz-dsnp-6qev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74988?format=json","vulnerability_id":"VCID-kznb-y8yr-7bds","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript() and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered and use the result of webContents.executeJavaScript() (or webFrameMain.executeJavaScript()) in security-sensitive decisions. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34778","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00656","published_at":"2026-06-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00657","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34778"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34778","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34778"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455024","reference_id":"2455024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455024"},{"reference_url":"https://github.com/advisories/GHSA-xj5x-m3f3-5x3h","reference_id":"GHSA-xj5x-m3f3-5x3h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj5x-m3f3-5x3h"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h","reference_id":"GHSA-xj5x-m3f3-5x3h","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:50:39Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373324?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373325?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373271?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34778","GHSA-xj5x-m3f3-5x3h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kznb-y8yr-7bds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20772?format=json","vulnerability_id":"VCID-m48q-c84y-k7af","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46993","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14681","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14803","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-46993"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46993","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46993"},{"reference_url":"https://github.com/advisories/GHSA-6r2x-8pq8-9489","reference_id":"GHSA-6r2x-8pq8-9489","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6r2x-8pq8-9489"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489","reference_id":"GHSA-6r2x-8pq8-9489","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T13:45:02Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-6r2x-8pq8-9489"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378715?format=json","purl":"pkg:npm/electron@28.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-346j-kfxs-akf5"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-6h3u-keqg-gufv"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/378716?format=json","purl":"pkg:npm/electron@29.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-346j-kfxs-akf5"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-6h3u-keqg-gufv"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/378717?format=json","purl":"pkg:npm/electron@30.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-346j-kfxs-akf5"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-6h3u-keqg-gufv"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-g6rj-h8np-g7ay"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-nng3-6g42-r3ge"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-prfv-2m76-wkhm"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-u65z-257u-jfgc"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3"}],"aliases":["CVE-2024-46993","GHSA-6r2x-8pq8-9489"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m48q-c84y-k7af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74640?format=json","vulnerability_id":"VCID-nng3-6g42-r3ge","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34771","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05798","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05773","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34771"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34771","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34771"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454995","reference_id":"2454995","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454995"},{"reference_url":"https://github.com/advisories/GHSA-8337-3p73-46f4","reference_id":"GHSA-8337-3p73-46f4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8337-3p73-46f4"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4","reference_id":"GHSA-8337-3p73-46f4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T16:04:11Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373567?format=json","purl":"pkg:npm/electron@39.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373697?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34771","GHSA-8337-3p73-46f4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nng3-6g42-r3ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74782?format=json","vulnerability_id":"VCID-p418-zdbc-tkfx","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() may be vulnerable to a denial of service. If the system clipboard contains image data that fails to decode, the resulting null bitmap is passed unchecked to image construction, triggering a controlled abort and crashing the process. Apps are only affected if they call clipboard.readImage(). Apps that do not read images from the clipboard are not affected. This issue does not allow memory corruption or code execution. This vulnerability is fixed in 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34781","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00314","published_at":"2026-06-12T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00315","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34781"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287"},{"reference_url":"https://github.com/electron/electron/pull/50475","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/50475"},{"reference_url":"https://github.com/electron/electron/releases/tag/v39.8.5","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v39.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v40.8.5","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v40.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v41.1.0","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v41.1.0"},{"reference_url":"https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34781","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34781"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456279","reference_id":"2456279","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456279"},{"reference_url":"https://github.com/advisories/GHSA-f37v-82c4-4x64","reference_id":"GHSA-f37v-82c4-4x64","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f37v-82c4-4x64"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64","reference_id":"GHSA-f37v-82c4-4x64","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:10:12Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374052?format=json","purl":"pkg:npm/electron@39.8.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/374053?format=json","purl":"pkg:npm/electron@40.8.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/374054?format=json","purl":"pkg:npm/electron@41.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/374055?format=json","purl":"pkg:npm/electron@42.0.0-alpha.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5"}],"aliases":["CVE-2026-34781","GHSA-f37v-82c4-4x64"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p418-zdbc-tkfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75155?format=json","vulnerability_id":"VCID-szv3-rj5s-7kcy","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\\Software\\Classes\\, potentially hijacking existing protocol handlers. Apps are only affected if they call app.setAsDefaultProtocolClient() with a protocol name derived from external or untrusted input. Apps that use a hardcoded protocol name are not affected. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34773","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07978","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07943","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34773"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34773","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455025","reference_id":"2455025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455025"},{"reference_url":"https://github.com/advisories/GHSA-mwmh-mq4g-g6gr","reference_id":"GHSA-mwmh-mq4g-g6gr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwmh-mq4g-g6gr"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr","reference_id":"GHSA-mwmh-mq4g-g6gr","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:03:47Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373324?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373325?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373271?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34773","GHSA-mwmh-mq4g-g6gr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-szv3-rj5s-7kcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74905?format=json","vulnerability_id":"VCID-u65z-257u-jfgc","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the handler. An app whose handler could be influenced to select a device ID outside the filtered set would grant access to a device that did not match the renderer's requested filters or was listed in exclusionFilters. The WebUSB security blocklist remained enforced regardless, so security-sensitive devices on the blocklist were not affected. The practical impact is limited to apps with unusual device-selection logic. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34766","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01411","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01409","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34766"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34766","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454998","reference_id":"2454998","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454998"},{"reference_url":"https://github.com/advisories/GHSA-9899-m83m-qhpj","reference_id":"GHSA-9899-m83m-qhpj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9899-m83m-qhpj"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj","reference_id":"GHSA-9899-m83m-qhpj","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:01Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373567?format=json","purl":"pkg:npm/electron@39.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373697?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-ve97-xkqj-33aq"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34766","GHSA-9899-m83m-qhpj"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u65z-257u-jfgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74670?format=json","vulnerability_id":"VCID-ve97-xkqj-33aq","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open() may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or memory corruption. Apps are only affected if they use offscreen rendering (webPreferences.offscreen: true) and their setWindowOpenHandler permits child windows. Apps that do not use offscreen rendering, or that deny child windows, are not affected. This issue has been patched in versions 39.8.1, 40.7.0, and 41.0.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34774","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05872","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05845","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34774"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34774","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34774"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455026","reference_id":"2455026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455026"},{"reference_url":"https://github.com/advisories/GHSA-532v-xpq5-8h95","reference_id":"GHSA-532v-xpq5-8h95","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-532v-xpq5-8h95"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95","reference_id":"GHSA-532v-xpq5-8h95","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:28:41Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373324?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-183u-hw9z-67bh"},{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-4sa7-5jy6-jkf2"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-f95q-8yva-pqbg"},{"vulnerability":"VCID-hd38-x6m6-5yds"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-kznb-y8yr-7bds"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-szv3-rj5s-7kcy"},{"vulnerability":"VCID-xkbg-6qfc-jqe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/373271?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34774","GHSA-532v-xpq5-8h95"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ve97-xkqj-33aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75246?format=json","vulnerability_id":"VCID-xkbg-6qfc-jqe5","summary":"Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler() was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter or webContents.getURL() may inadvertently grant permissions to embedded third-party content. The correct requesting URL remains available via details.requestingUrl. Apps that already check details.requestingUrl are not affected. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34777","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00527","published_at":"2026-06-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0053","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34777"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34777","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34777"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455022","reference_id":"2455022","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455022"},{"reference_url":"https://github.com/advisories/GHSA-r5p7-gp4j-qhrx","reference_id":"GHSA-r5p7-gp4j-qhrx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r5p7-gp4j-qhrx"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx","reference_id":"GHSA-r5p7-gp4j-qhrx","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:32:48Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373268?format=json","purl":"pkg:npm/electron@38.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"},{"vulnerability":"VCID-ve97-xkqj-33aq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373324?format=json","purl":"pkg:npm/electron@39.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373325?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-32q7-z5g7-qude"},{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/373271?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e2ch-6mpc-ykhz"},{"vulnerability":"VCID-jk3h-fgjr-kffg"},{"vulnerability":"VCID-k9uz-dsnp-6qev"},{"vulnerability":"VCID-p418-zdbc-tkfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34777","GHSA-r5p7-gp4j-qhrx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkbg-6qfc-jqe5"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0-beta.8"}