{"url":"http://public2.vulnerablecode.io/api/packages/73791?format=json","purl":"pkg:npm/electron@1.8.0","type":"npm","namespace":"","name":"electron","version":"1.8.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.8.2-beta.4","latest_non_vulnerable_version":"27.0.0-beta.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12098?format=json","vulnerability_id":"VCID-pdz4-dhj4-d7fh","summary":"Remote Code Execution (Windows)\nGitHub Electron has a vulnerability in the protocol handler.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000006","reference_id":"","reference_type":"","scores":[{"value":"0.92322","scoring_system":"epss","scoring_elements":"0.99737","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000006"},{"reference_url":"https://electronjs.org/blog/protocol-handler-fix","reference_id":"","reference_type":"","scores":[],"url":"https://electronjs.org/blog/protocol-handler-fix"},{"reference_url":"https://github.com/electron/electron/releases/tag/v1.8.2-beta.4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/releases/tag/v1.8.2-beta.4"},{"reference_url":"https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374","reference_id":"","reference_type":"","scores":[],"url":"https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374"},{"reference_url":"https://www.exploit-db.com/exploits/43899/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43899/"},{"reference_url":"https://www.exploit-db.com/exploits/44357/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/44357/"},{"reference_url":"https://www.npmjs.com/advisories/563","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/563"},{"reference_url":"http://www.securityfocus.com/bid/102796","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102796"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000006","reference_id":"CVE-2018-1000006","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000006"},{"reference_url":"https://github.com/advisories/GHSA-w222-53c6-c86p","reference_id":"GHSA-w222-53c6-c86p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w222-53c6-c86p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73793?format=json","purl":"pkg:npm/electron@1.8.2-beta.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.8.2-beta.4"},{"url":"http://public2.vulnerablecode.io/api/packages/53912?format=json","purl":"pkg:npm/electron@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rf9p-9byw-fqa7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.8.3"}],"aliases":["CVE-2018-1000006","GHSA-w222-53c6-c86p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdz4-dhj4-d7fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12900?format=json","vulnerability_id":"VCID-qm1u-4g31-t7gh","summary":"Insecure Default Initialization of Resource\nGitHub Electron is affected by a `WebPreferences` vulnerability that can be leveraged to perform remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15685","reference_id":"","reference_type":"","scores":[{"value":"0.12681","scoring_system":"epss","scoring_elements":"0.94098","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-15685"},{"reference_url":"https://electronjs.org/blog/web-preferences-fix","reference_id":"","reference_type":"","scores":[],"url":"https://electronjs.org/blog/web-preferences-fix"},{"reference_url":"https://github.com/electron/electron/commit/519a02d8d4d28e8a467acb40fb26172a80c9454f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/commit/519a02d8d4d28e8a467acb40fb26172a80c9454f"},{"reference_url":"https://github.com/electron/electron/commit/80221e52d93a96ea704cb6748ead669c55cff504","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/commit/80221e52d93a96ea704cb6748ead669c55cff504"},{"reference_url":"https://github.com/electron/electron/commit/bab968ca776be28791e4dddfd50c86bd5fae62fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/commit/bab968ca776be28791e4dddfd50c86bd5fae62fa"},{"reference_url":"https://github.com/electron/electron/commit/ef0a6d9a1c96efc4657c6dd3a6624eba969f095b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/commit/ef0a6d9a1c96efc4657c6dd3a6624eba969f095b"},{"reference_url":"https://www.exploit-db.com/exploits/45272/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/45272/"},{"reference_url":"https://www.npmjs.com/advisories/732","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/732"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-15685","reference_id":"CVE-2018-15685","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-15685"},{"reference_url":"https://www.contrastsecurity.com/security-influencers/cve-2018-15685","reference_id":"CVE-2018-15685","reference_type":"","scores":[],"url":"https://www.contrastsecurity.com/security-influencers/cve-2018-15685"},{"reference_url":"https://github.com/advisories/GHSA-hv9c-qwqg-qj3v","reference_id":"GHSA-hv9c-qwqg-qj3v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hv9c-qwqg-qj3v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55388?format=json","purl":"pkg:npm/electron@1.8.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/55389?format=json","purl":"pkg:npm/electron@2.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@2.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73859?format=json","purl":"pkg:npm/electron@3.0.0-beta.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@3.0.0-beta.7"},{"url":"http://public2.vulnerablecode.io/api/packages/55390?format=json","purl":"pkg:npm/electron@3.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@3.0.0"}],"aliases":["CVE-2018-15685","GHSA-hv9c-qwqg-qj3v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm1u-4g31-t7gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12239?format=json","vulnerability_id":"VCID-rf9p-9byw-fqa7","summary":"Code Execution by Re-enabling Node.js integration\nElectron contains an improper handling of values vulnerability in Webviews that can result in remote code execution. .","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000136","reference_id":"","reference_type":"","scores":[{"value":"0.01407","scoring_system":"epss","scoring_elements":"0.80794","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000136"},{"reference_url":"https://electronjs.org/blog/webview-fix","reference_id":"","reference_type":"","scores":[],"url":"https://electronjs.org/blog/webview-fix"},{"reference_url":"https://github.com/electron/electron/commit/1a48ee28276e6588dbf4e70e58d78e7bfdc57043","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/commit/1a48ee28276e6588dbf4e70e58d78e7bfdc57043"},{"reference_url":"https://github.com/electron/electron/pull/12271","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/pull/12271"},{"reference_url":"https://github.com/electron/electron/pull/12292","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/pull/12292"},{"reference_url":"https://github.com/electron/electron/pull/12294","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/electron/electron/pull/12294"},{"reference_url":"https://www.electronjs.org/blog/webview-fix","reference_id":"","reference_type":"","scores":[],"url":"https://www.electronjs.org/blog/webview-fix"},{"reference_url":"https://www.npmjs.com/advisories/574","reference_id":"","reference_type":"","scores":[],"url":"https://www.npmjs.com/advisories/574"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000136","reference_id":"CVE-2018-1000136","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000136"},{"reference_url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/","reference_id":"CVE-2018-1000136---ELECTRON-NODEINTEGRATION-BYPASS","reference_type":"","scores":[],"url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/"},{"reference_url":"https://github.com/advisories/GHSA-8xwg-wv7v-4vqp","reference_id":"GHSA-8xwg-wv7v-4vqp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xwg-wv7v-4vqp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54217?format=json","purl":"pkg:npm/electron@1.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54218?format=json","purl":"pkg:npm/electron@2.0.0-beta.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@2.0.0-beta.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73801?format=json","purl":"pkg:npm/electron@2.0.0-beta.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@2.0.0-beta.5"}],"aliases":["CVE-2018-1000136","GHSA-8xwg-wv7v-4vqp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rf9p-9byw-fqa7"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@1.8.0"}