| 0 |
| url |
VCID-2kk5-3p41-kycs |
| vulnerability_id |
VCID-2kk5-3p41-kycs |
| summary |
electron: Electron: Protocol handler hijacking via improper validation of protocol names |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34773 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06644 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06694 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06698 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06684 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06642 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34773 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34773, GHSA-mwmh-mq4g-g6gr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2kk5-3p41-kycs |
|
| 1 |
| url |
VCID-2tjw-wwpp-57ac |
| vulnerability_id |
VCID-2tjw-wwpp-57ac |
| summary |
Improper Control of Generation of Code ('Code Injection')
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically, this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low; in fact, issues of this kind are normally considered outside of our threat model because, similar to Chromium, we exclude Physically Local Attacks. However, given the ability of this issue to bypass certain protections like ASAR Integrity, it is being treated with higher importance. This issue has been fixed in versions `26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds; users must update to a patched version of Electron. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-39956 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07914 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.0796 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07973 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07947 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00026 |
| scoring_system |
epss |
| scoring_elements |
0.07896 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-39956 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/electron@23.3.13 |
| purl |
pkg:npm/electron@23.3.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-de1j-4qwd-duab |
|
| 8 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 9 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 10 |
| vulnerability |
VCID-hzte-vg4j-cbgt |
|
| 11 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 12 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 13 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 14 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 15 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 16 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 17 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 18 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.3.13 |
|
| 1 |
| url |
pkg:npm/electron@24.7.1 |
| purl |
pkg:npm/electron@24.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-de1j-4qwd-duab |
|
| 8 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 9 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 10 |
| vulnerability |
VCID-ghpk-c1e6-pkae |
|
| 11 |
| vulnerability |
VCID-hzte-vg4j-cbgt |
|
| 12 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 13 |
| vulnerability |
VCID-k669-cacz-9fcd |
|
| 14 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 15 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 16 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 17 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 18 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 19 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 20 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.7.1 |
|
| 2 |
| url |
pkg:npm/electron@25.5.0 |
| purl |
pkg:npm/electron@25.5.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-de1j-4qwd-duab |
|
| 8 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 9 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 10 |
| vulnerability |
VCID-ghpk-c1e6-pkae |
|
| 11 |
| vulnerability |
VCID-hzte-vg4j-cbgt |
|
| 12 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 13 |
| vulnerability |
VCID-k669-cacz-9fcd |
|
| 14 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 15 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 16 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 17 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 18 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 19 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 20 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.5.0 |
|
| 3 |
|
| 4 |
| url |
pkg:npm/electron@26.0.0 |
| purl |
pkg:npm/electron@26.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-de1j-4qwd-duab |
|
| 8 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 9 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 10 |
| vulnerability |
VCID-ghpk-c1e6-pkae |
|
| 11 |
| vulnerability |
VCID-hzte-vg4j-cbgt |
|
| 12 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 13 |
| vulnerability |
VCID-k669-cacz-9fcd |
|
| 14 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 15 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 16 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 17 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 18 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 19 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 20 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.0.0 |
|
|
| aliases |
CVE-2023-39956, GHSA-7x97-j373-85x5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2tjw-wwpp-57ac |
|
| 2 |
| url |
VCID-3wxh-7cvs-g3et |
| vulnerability_id |
VCID-3wxh-7cvs-g3et |
| summary |
Electron: Electron: Arbitrary code execution and security bypass via undocumented command-line switches |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34769 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01631 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01636 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01643 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01642 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00012 |
| scoring_system |
epss |
| scoring_elements |
0.01634 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34769 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:npm/electron@39.8.0 |
| purl |
pkg:npm/electron@39.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 4 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 5 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 6 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 7 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 8 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 9 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 10 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 11 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 12 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0 |
|
| 2 |
| url |
pkg:npm/electron@40.7.0 |
| purl |
pkg:npm/electron@40.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 4 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 5 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 6 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 7 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 8 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 9 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 10 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 11 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0 |
|
| 3 |
|
|
| aliases |
CVE-2026-34769, GHSA-9wfr-w7mm-pc7f
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3wxh-7cvs-g3et |
|
| 3 |
|
| 4 |
|
| 5 |
| url |
VCID-5w4g-q3st-m7hf |
| vulnerability_id |
VCID-5w4g-q3st-m7hf |
| summary |
Electron: Electron: Memory corruption and crash due to use-after-free in offscreen rendering |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34774 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05524 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05536 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05519 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05518 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00019 |
| scoring_system |
epss |
| scoring_elements |
0.05478 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34774 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:npm/electron@40.7.0 |
| purl |
pkg:npm/electron@40.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 4 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 5 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 6 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 7 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 8 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 9 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 10 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 11 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0 |
|
| 2 |
|
|
| aliases |
CVE-2026-34774, GHSA-532v-xpq5-8h95
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5w4g-q3st-m7hf |
|
| 6 |
| url |
VCID-6vad-u5vg-dba5 |
| vulnerability_id |
VCID-6vad-u5vg-dba5 |
| summary |
Electron: Electron: Unauthorized USB device access via select-usb-device event callback validation bypass |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:npm/electron@39.8.0 |
| purl |
pkg:npm/electron@39.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 4 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 5 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 6 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 7 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 8 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 9 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 10 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 11 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 12 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0 |
|
| 2 |
| url |
pkg:npm/electron@40.7.0 |
| purl |
pkg:npm/electron@40.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 4 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 5 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 6 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 7 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 8 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 9 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 10 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 11 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0 |
|
| 3 |
|
|
| aliases |
CVE-2026-34766, GHSA-9899-m83m-qhpj
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6vad-u5vg-dba5 |
|
| 7 |
| url |
VCID-7c28-bmu2-qbcs |
| vulnerability_id |
VCID-7c28-bmu2-qbcs |
| summary |
Electron has ASAR Integrity Bypass via resource modification
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted.
Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the `resources` folder in your app installation on Windows, which these fuses are supposed to protect against. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-55305 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00958 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00956 |
| published_at |
2026-06-08T12:55:00Z |
|
| 2 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00959 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00957 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-55305 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/electron@35.7.5 |
| purl |
pkg:npm/electron@35.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 7 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 8 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 9 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 10 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 11 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 12 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 13 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 14 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 15 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 16 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@35.7.5 |
|
| 1 |
| url |
pkg:npm/electron@36.8.1 |
| purl |
pkg:npm/electron@36.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 7 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 8 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 9 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 10 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 11 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 12 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 13 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 14 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 15 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 16 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@36.8.1 |
|
| 2 |
| url |
pkg:npm/electron@37.3.1 |
| purl |
pkg:npm/electron@37.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 7 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 8 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 9 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 10 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 11 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 12 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 13 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 14 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 15 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 16 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@37.3.1 |
|
| 3 |
| url |
pkg:npm/electron@38.0.0-beta.6 |
| purl |
pkg:npm/electron@38.0.0-beta.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 7 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 8 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 9 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 10 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 11 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 12 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 13 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 14 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 15 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 16 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@38.0.0-beta.6 |
|
|
| aliases |
CVE-2025-55305, GHSA-vmqv-hx8q-j7mg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7c28-bmu2-qbcs |
|
| 8 |
| url |
VCID-de1j-4qwd-duab |
| vulnerability_id |
VCID-de1j-4qwd-duab |
| summary |
ASAR Integrity bypass via filetype confusion in electron
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS.
Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the `resources` folder in your app installation on Windows, which these fuses are supposed to protect against. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-44402 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.29673 |
| published_at |
2026-06-08T12:55:00Z |
|
| 1 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.29705 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.29738 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.29686 |
| published_at |
2026-06-09T12:55:00Z |
|
| 4 |
| value |
0.00115 |
| scoring_system |
epss |
| scoring_elements |
0.29775 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-44402 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/electron@24.8.3 |
| purl |
pkg:npm/electron@24.8.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 8 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 9 |
| vulnerability |
VCID-ghpk-c1e6-pkae |
|
| 10 |
| vulnerability |
VCID-hzte-vg4j-cbgt |
|
| 11 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 12 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 13 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 14 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 15 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 16 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 17 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 18 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3 |
|
| 1 |
| url |
pkg:npm/electron@25.8.1 |
| purl |
pkg:npm/electron@25.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 8 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 9 |
| vulnerability |
VCID-ghpk-c1e6-pkae |
|
| 10 |
| vulnerability |
VCID-hzte-vg4j-cbgt |
|
| 11 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 12 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 13 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 14 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 15 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 16 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 17 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 18 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1 |
|
| 2 |
| url |
pkg:npm/electron@26.2.1 |
| purl |
pkg:npm/electron@26.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 8 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 9 |
| vulnerability |
VCID-ghpk-c1e6-pkae |
|
| 10 |
| vulnerability |
VCID-hzte-vg4j-cbgt |
|
| 11 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 12 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 13 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 14 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 15 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 16 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 17 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 18 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1 |
|
| 3 |
|
| 4 |
| url |
pkg:npm/electron@27.0.0-beta.1 |
| purl |
pkg:npm/electron@27.0.0-beta.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 8 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 9 |
| vulnerability |
VCID-ghpk-c1e6-pkae |
|
| 10 |
| vulnerability |
VCID-hzte-vg4j-cbgt |
|
| 11 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 12 |
| vulnerability |
VCID-k669-cacz-9fcd |
|
| 13 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 14 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 15 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 16 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 17 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 18 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 19 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.1 |
|
|
| aliases |
CVE-2023-44402, GHSA-7m48-wc93-9g85
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-de1j-4qwd-duab |
|
| 9 |
| url |
VCID-df1y-n1s8-x3g4 |
| vulnerability_id |
VCID-df1y-n1s8-x3g4 |
| summary |
Electron: Electron: Use-after-free vulnerability leads to memory corruption or crash |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34772 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02806 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02901 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02908 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02855 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02839 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34772 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:npm/electron@39.8.0 |
| purl |
pkg:npm/electron@39.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 4 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 5 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 6 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 7 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 8 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 9 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 10 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 11 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 12 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0 |
|
| 2 |
| url |
pkg:npm/electron@40.7.0 |
| purl |
pkg:npm/electron@40.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 4 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 5 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 6 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 7 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 8 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 9 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 10 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 11 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0 |
|
| 3 |
| url |
pkg:npm/electron@41.0.0-beta.7 |
| purl |
pkg:npm/electron@41.0.0-beta.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2h5f-hwjw-77dp |
|
| 1 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 2 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 3 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 4 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 5 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 6 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 7 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 8 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 9 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 10 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 11 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 12 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 13 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 14 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 15 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 16 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.7 |
|
|
| aliases |
CVE-2026-34772, GHSA-9w97-2464-8783
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-df1y-n1s8-x3g4 |
|
| 10 |
| url |
VCID-egxx-avtf-ekah |
| vulnerability_id |
VCID-egxx-avtf-ekah |
| summary |
Electron: Electron: Unauthorized permission granting and information disclosure via incorrect iframe origin |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34777 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00381 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00385 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00387 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00382 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.0038 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34777 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34777, GHSA-r5p7-gp4j-qhrx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-egxx-avtf-ekah |
|
| 11 |
| url |
VCID-hzte-vg4j-cbgt |
| vulnerability_id |
VCID-hzte-vg4j-cbgt |
| summary |
Electron vulnerable to Heap Buffer Overflow in NativeImage
The `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-46993 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.1468 |
| published_at |
2026-06-05T12:55:00Z |
|
| 1 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14585 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14562 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14645 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14686 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-46993 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:npm/electron@28.3.2 |
| purl |
pkg:npm/electron@28.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 8 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 9 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 10 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 11 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 12 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 13 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 14 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 15 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 16 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@28.3.2 |
|
| 1 |
| url |
pkg:npm/electron@29.3.3 |
| purl |
pkg:npm/electron@29.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 8 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 9 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 10 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 11 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 12 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 13 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 14 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 15 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 16 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@29.3.3 |
|
| 2 |
| url |
pkg:npm/electron@30.0.3 |
| purl |
pkg:npm/electron@30.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-3wxh-7cvs-g3et |
|
| 2 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 3 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 4 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 5 |
| vulnerability |
VCID-6vad-u5vg-dba5 |
|
| 6 |
| vulnerability |
VCID-7c28-bmu2-qbcs |
|
| 7 |
| vulnerability |
VCID-9x1q-7ngy-jyhw |
|
| 8 |
| vulnerability |
VCID-df1y-n1s8-x3g4 |
|
| 9 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 10 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 11 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 12 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 13 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 14 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 15 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 16 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
| 17 |
| vulnerability |
VCID-zzcf-uus6-rqa8 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3 |
|
|
| aliases |
CVE-2024-46993, GHSA-6r2x-8pq8-9489
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hzte-vg4j-cbgt |
|
| 12 |
|
| 13 |
|
| 14 |
| url |
VCID-pjqf-nps2-7yhc |
| vulnerability_id |
VCID-pjqf-nps2-7yhc |
| summary |
electron: Electron: Arbitrary code execution via unquoted path in Run registry key |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34768 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00322 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00328 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.0033 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00323 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
6e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00321 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34768 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34768, GHSA-jfqx-fxh3-c62j
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pjqf-nps2-7yhc |
|
| 15 |
| url |
VCID-qs5f-9ftk-fben |
| vulnerability_id |
VCID-qs5f-9ftk-fben |
| summary |
electron: Electron: Arbitrary code execution or information disclosure via incorrect window handling |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34765 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07544 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07595 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07605 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07583 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00025 |
| scoring_system |
epss |
| scoring_elements |
0.07535 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34765 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34765, GHSA-f3pv-wv63-48x8
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qs5f-9ftk-fben |
|
| 16 |
| url |
VCID-t1uc-59dn-j3gd |
| vulnerability_id |
VCID-t1uc-59dn-j3gd |
| summary |
Electron: Use-after-free in PowerMonitor on Windows and macOS
### Impact
Apps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.
All apps that access `powerMonitor` events (`suspend`, `resume`, `lock-screen`, etc.) are potentially affected. The issue is not directly renderer-controllable.
### Workarounds
There are no app-side workarounds; you must update to a patched version of Electron.
### Fixed Versions
* `41.0.0-beta.8`
* `40.8.0`
* `39.8.1`
* `38.8.6`
### For more information
If there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org) |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34770 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02855 |
| published_at |
2026-06-07T12:55:00Z |
|
| 1 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02806 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02839 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02901 |
| published_at |
2026-06-05T12:55:00Z |
|
| 4 |
| value |
0.00014 |
| scoring_system |
epss |
| scoring_elements |
0.02908 |
| published_at |
2026-06-06T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34770 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34770, GHSA-jjp3-mq3x-295m
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t1uc-59dn-j3gd |
|
| 17 |
| url |
VCID-wfx6-9nh3-quar |
| vulnerability_id |
VCID-wfx6-9nh3-quar |
| summary |
Electron: AppleScript injection in app.moveToApplicationsFolder on macOS
### Impact
On macOS, `app.moveToApplicationsFolder()` used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt.
Apps are only affected if they call `app.moveToApplicationsFolder()`. Apps that do not use this API are not affected.
### Workarounds
There are no app-side workarounds; developers must update to a patched version of Electron.
### Fixed Versions
* `41.0.0-beta.8`
* `40.8.0`
* `39.8.1`
* `38.8.6`
### For more information
If there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org) |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34779 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01182 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01181 |
| published_at |
2026-06-09T12:55:00Z |
|
| 2 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.0118 |
| published_at |
2026-06-08T12:55:00Z |
|
| 3 |
| value |
0.0001 |
| scoring_system |
epss |
| scoring_elements |
0.01183 |
| published_at |
2026-06-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34779 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34779, GHSA-5rqw-r77c-jp79
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wfx6-9nh3-quar |
|
| 18 |
| url |
VCID-x7he-eg8d-g7hj |
| vulnerability_id |
VCID-x7he-eg8d-g7hj |
| summary |
Electron: Electron: Arbitrary code execution and information disclosure due to incorrect Node.js integration scoping |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34775 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02102 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02125 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02132 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02122 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02109 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34775 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-34775, GHSA-xwr5-m59h-vwqr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x7he-eg8d-g7hj |
|
| 19 |
| url |
VCID-zzcf-uus6-rqa8 |
| vulnerability_id |
VCID-zzcf-uus6-rqa8 |
| summary |
electron: Electron: Memory corruption or application crash via use-after-free in permission request handling |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34771 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04549 |
| published_at |
2026-06-09T12:55:00Z |
|
| 1 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.0459 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04577 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04564 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00017 |
| scoring_system |
epss |
| scoring_elements |
0.04529 |
| published_at |
2026-06-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-34771 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:npm/electron@39.8.0 |
| purl |
pkg:npm/electron@39.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-5w4g-q3st-m7hf |
|
| 4 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 5 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 6 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 7 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 8 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 9 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 10 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 11 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 12 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@39.8.0 |
|
| 2 |
| url |
pkg:npm/electron@40.7.0 |
| purl |
pkg:npm/electron@40.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2kk5-3p41-kycs |
|
| 1 |
| vulnerability |
VCID-4u89-87dg-zqdt |
|
| 2 |
| vulnerability |
VCID-5cmc-cnnq-xyhw |
|
| 3 |
| vulnerability |
VCID-egxx-avtf-ekah |
|
| 4 |
| vulnerability |
VCID-j8e6-q6j5-tyf8 |
|
| 5 |
| vulnerability |
VCID-jy1k-8gy7-pkb7 |
|
| 6 |
| vulnerability |
VCID-p1m4-3gu6-zffw |
|
| 7 |
| vulnerability |
VCID-pjqf-nps2-7yhc |
|
| 8 |
| vulnerability |
VCID-qs5f-9ftk-fben |
|
| 9 |
| vulnerability |
VCID-t1uc-59dn-j3gd |
|
| 10 |
| vulnerability |
VCID-wfx6-9nh3-quar |
|
| 11 |
| vulnerability |
VCID-x7he-eg8d-g7hj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0 |
|
| 3 |
|
|
| aliases |
CVE-2026-34771, GHSA-8337-3p73-46f4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zzcf-uus6-rqa8 |
|