{"url":"http://public2.vulnerablecode.io/api/packages/979419?format=json","purl":"pkg:npm/electron@40.2.1","type":"npm","namespace":"","name":"electron","version":"40.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"40.8.5","latest_non_vulnerable_version":"42.0.0-alpha.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6752?format=json","vulnerability_id":"VCID-2keb-x1ty-8uat","summary":"Electron: Electron: Denial of Service via malformed clipboard image data","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34781","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00317","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34781"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/commit/a48f03fb8d03933547281ddb2dbb6c6b9e705287"},{"reference_url":"https://github.com/electron/electron/pull/50475","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/pull/50475"},{"reference_url":"https://github.com/electron/electron/releases/tag/v39.8.5","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v39.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v40.8.5","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v40.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v41.1.0","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v41.1.0"},{"reference_url":"https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-08T16:10:12Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-f37v-82c4-4x64"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34781","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34781"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456279","reference_id":"2456279","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456279"},{"reference_url":"https://github.com/advisories/GHSA-f37v-82c4-4x64","reference_id":"GHSA-f37v-82c4-4x64","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f37v-82c4-4x64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49957?format=json","purl":"pkg:npm/electron@40.8.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/49960?format=json","purl":"pkg:npm/electron@41.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/49970?format=json","purl":"pkg:npm/electron@42.0.0-alpha.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5"}],"aliases":["CVE-2026-34781","GHSA-f37v-82c4-4x64"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2keb-x1ty-8uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16096?format=json","vulnerability_id":"VCID-2wh9-gwvs-w7de","summary":"Electron: AppleScript injection in app.moveToApplicationsFolder on macOS\n### Impact\nOn macOS, `app.moveToApplicationsFolder()` used an AppleScript fallback path that did not properly handle certain characters in the application bundle path. Under specific conditions, a crafted launch path could lead to arbitrary AppleScript execution when the user accepted the move-to-Applications prompt.\n\nApps are only affected if they call `app.moveToApplicationsFolder()`. Apps that do not use this API are not affected.\n\n### Workarounds\nThere are no app side workarounds, developers must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34779","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01177","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34779"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:49:50Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-5rqw-r77c-jp79"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34779","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34779"},{"reference_url":"https://github.com/advisories/GHSA-5rqw-r77c-jp79","reference_id":"GHSA-5rqw-r77c-jp79","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5rqw-r77c-jp79"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47444?format=json","purl":"pkg:npm/electron@40.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/47445?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-f3np-yfxu-kkch"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34779","GHSA-5rqw-r77c-jp79"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wh9-gwvs-w7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6895?format=json","vulnerability_id":"VCID-39bj-4jxj-vfcd","summary":"Electron: Electron: Use-after-free vulnerability leads to memory corruption or crash","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34772","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0296","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34772"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:27:31Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-9w97-2464-8783"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34772","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34772"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455005","reference_id":"2455005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455005"},{"reference_url":"https://github.com/advisories/GHSA-9w97-2464-8783","reference_id":"GHSA-9w97-2464-8783","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9w97-2464-8783"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-2wh9-gwvs-w7de"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-nu1t-cwrv-sqcx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-sv4z-1stx-cba6"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/46570?format=json","purl":"pkg:npm/electron@41.0.0-beta.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-2wh9-gwvs-w7de"},{"vulnerability":"VCID-3p9m-snfr-ckdu"},{"vulnerability":"VCID-4sm1-hzbp-zydw"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-7yd4-qkmc-a7ft"},{"vulnerability":"VCID-f3np-yfxu-kkch"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-nb2y-xsnc-zyba"},{"vulnerability":"VCID-nu1t-cwrv-sqcx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-sv4z-1stx-cba6"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.7"}],"aliases":["CVE-2026-34772","GHSA-9w97-2464-8783"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39bj-4jxj-vfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6888?format=json","vulnerability_id":"VCID-3p9m-snfr-ckdu","summary":"electron: Electron: Context Isolation bypass via VideoFrame object transfer","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34780.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34780.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34780","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01914","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34780"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-jfqg-hf23-qpw2","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:49:13Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-jfqg-hf23-qpw2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34780","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34780"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455020","reference_id":"2455020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455020"},{"reference_url":"https://github.com/advisories/GHSA-jfqg-hf23-qpw2","reference_id":"GHSA-jfqg-hf23-qpw2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jfqg-hf23-qpw2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-2wh9-gwvs-w7de"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-nu1t-cwrv-sqcx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-sv4z-1stx-cba6"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/47445?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-f3np-yfxu-kkch"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34780","GHSA-jfqg-hf23-qpw2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3p9m-snfr-ckdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6900?format=json","vulnerability_id":"VCID-4sm1-hzbp-zydw","summary":"Electron: Electron: Arbitrary code execution and security bypass via undocumented command-line switches","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34769","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00772","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34769"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:34:49Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-9wfr-w7mm-pc7f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34769","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34769"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455004","reference_id":"2455004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455004"},{"reference_url":"https://github.com/advisories/GHSA-9wfr-w7mm-pc7f","reference_id":"GHSA-9wfr-w7mm-pc7f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9wfr-w7mm-pc7f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-2wh9-gwvs-w7de"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-nu1t-cwrv-sqcx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-sv4z-1stx-cba6"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/47445?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-f3np-yfxu-kkch"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34769","GHSA-9wfr-w7mm-pc7f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sm1-hzbp-zydw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6863?format=json","vulnerability_id":"VCID-5amq-7pw8-ufbs","summary":"Electron: Electron: Memory corruption or crash due to use-after-free in offscreen rendering with shared textures.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34764.json","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34764","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04984","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34764"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T15:47:38Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-8x5q-pvf5-64mp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34764","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455466","reference_id":"2455466","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455466"},{"reference_url":"https://github.com/advisories/GHSA-8x5q-pvf5-64mp","reference_id":"GHSA-8x5q-pvf5-64mp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8x5q-pvf5-64mp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49957?format=json","purl":"pkg:npm/electron@40.8.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/49960?format=json","purl":"pkg:npm/electron@41.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/49970?format=json","purl":"pkg:npm/electron@42.0.0-alpha.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5"}],"aliases":["CVE-2026-34764","GHSA-8x5q-pvf5-64mp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5amq-7pw8-ufbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6898?format=json","vulnerability_id":"VCID-5ubr-1u28-myea","summary":"electron: Electron: HTTP Response Header Injection via attacker-controlled input","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34767","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01597","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34767"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:46Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-4p4r-m79c-wq3v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34767","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455000","reference_id":"2455000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455000"},{"reference_url":"https://github.com/advisories/GHSA-4p4r-m79c-wq3v","reference_id":"GHSA-4p4r-m79c-wq3v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4p4r-m79c-wq3v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50615?format=json","purl":"pkg:npm/electron@40.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/50616?format=json","purl":"pkg:npm/electron@41.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.3"}],"aliases":["CVE-2026-34767","GHSA-4p4r-m79c-wq3v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ubr-1u28-myea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6892?format=json","vulnerability_id":"VCID-6gw3-vnmy-e7cm","summary":"Electron: Electron: Arbitrary code execution and information disclosure due to incorrect Node.js integration scoping","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34775","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02131","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34775"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:52:56Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34775","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455023","reference_id":"2455023","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455023"},{"reference_url":"https://github.com/advisories/GHSA-xwr5-m59h-vwqr","reference_id":"GHSA-xwr5-m59h-vwqr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xwr5-m59h-vwqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44594?format=json","purl":"pkg:npm/electron@40.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/44595?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34775","GHSA-xwr5-m59h-vwqr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gw3-vnmy-e7cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6896?format=json","vulnerability_id":"VCID-7yd4-qkmc-a7ft","summary":"electron: Electron: Memory corruption or application crash via use-after-free in permission request handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34771","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04697","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34771"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T16:04:11Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-8337-3p73-46f4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34771","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34771"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454995","reference_id":"2454995","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454995"},{"reference_url":"https://github.com/advisories/GHSA-8337-3p73-46f4","reference_id":"GHSA-8337-3p73-46f4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8337-3p73-46f4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-2wh9-gwvs-w7de"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-nu1t-cwrv-sqcx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-sv4z-1stx-cba6"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/47445?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-f3np-yfxu-kkch"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34771","GHSA-8337-3p73-46f4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7yd4-qkmc-a7ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6893?format=json","vulnerability_id":"VCID-f3np-yfxu-kkch","summary":"Electron: Electron: Memory corruption and crash due to use-after-free in offscreen rendering","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34774","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05709","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34774"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T15:28:41Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-532v-xpq5-8h95"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34774","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34774"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455026","reference_id":"2455026","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455026"},{"reference_url":"https://github.com/advisories/GHSA-532v-xpq5-8h95","reference_id":"GHSA-532v-xpq5-8h95","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-532v-xpq5-8h95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-2wh9-gwvs-w7de"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-nu1t-cwrv-sqcx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-sv4z-1stx-cba6"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/44595?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34774","GHSA-532v-xpq5-8h95"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3np-yfxu-kkch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6891?format=json","vulnerability_id":"VCID-fc35-txd2-n3fx","summary":"Electron: Electron: Information disclosure via crafted second-instance message","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34776","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01739","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34776"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:31:24Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-3c8v-cfp5-9885"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34776","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455021","reference_id":"2455021","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455021"},{"reference_url":"https://github.com/advisories/GHSA-3c8v-cfp5-9885","reference_id":"GHSA-3c8v-cfp5-9885","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3c8v-cfp5-9885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44750?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/44595?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34776","GHSA-3c8v-cfp5-9885"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fc35-txd2-n3fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6899?format=json","vulnerability_id":"VCID-nb2y-xsnc-zyba","summary":"Electron: Electron: Unauthorized USB device access via select-usb-device event callback validation bypass","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34766","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01083","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34766"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:07:01Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-9899-m83m-qhpj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34766","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34766"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454998","reference_id":"2454998","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454998"},{"reference_url":"https://github.com/advisories/GHSA-9899-m83m-qhpj","reference_id":"GHSA-9899-m83m-qhpj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9899-m83m-qhpj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46568?format=json","purl":"pkg:npm/electron@40.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-2wh9-gwvs-w7de"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-nu1t-cwrv-sqcx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-sv4z-1stx-cba6"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/47445?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-f3np-yfxu-kkch"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34766","GHSA-9899-m83m-qhpj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nb2y-xsnc-zyba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6897?format=json","vulnerability_id":"VCID-nu1t-cwrv-sqcx","summary":"electron: Electron: Arbitrary code execution via unquoted path in Run registry key","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34768","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00458","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34768"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T19:08:45Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-jfqx-fxh3-c62j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34768","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34768"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454996","reference_id":"2454996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454996"},{"reference_url":"https://github.com/advisories/GHSA-jfqx-fxh3-c62j","reference_id":"GHSA-jfqx-fxh3-c62j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jfqx-fxh3-c62j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47444?format=json","purl":"pkg:npm/electron@40.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/47445?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-f3np-yfxu-kkch"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34768","GHSA-jfqx-fxh3-c62j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nu1t-cwrv-sqcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6753?format=json","vulnerability_id":"VCID-qm2b-y2xm-ufcz","summary":"electron: Electron: Arbitrary code execution or information disclosure via incorrect window handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34765","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07712","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34765"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/releases/tag/v39.8.5","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v39.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v40.8.5","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v40.8.5"},{"reference_url":"https://github.com/electron/electron/releases/tag/v41.1.0","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v41.1.0"},{"reference_url":"https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron/releases/tag/v42.0.0-alpha.5"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:56:10Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-f3pv-wv63-48x8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34765","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34765"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456278","reference_id":"2456278","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456278"},{"reference_url":"https://github.com/advisories/GHSA-f3pv-wv63-48x8","reference_id":"GHSA-f3pv-wv63-48x8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f3pv-wv63-48x8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49957?format=json","purl":"pkg:npm/electron@40.8.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.5"},{"url":"http://public2.vulnerablecode.io/api/packages/49960?format=json","purl":"pkg:npm/electron@41.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/49970?format=json","purl":"pkg:npm/electron@42.0.0-alpha.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@42.0.0-alpha.5"}],"aliases":["CVE-2026-34765","GHSA-f3pv-wv63-48x8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm2b-y2xm-ufcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6890?format=json","vulnerability_id":"VCID-sfs6-eem9-kkd7","summary":"Electron: Electron: Unauthorized permission granting and information disclosure via incorrect iframe origin","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34777","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00377","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34777"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:32:48Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-r5p7-gp4j-qhrx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34777","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34777"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455022","reference_id":"2455022","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455022"},{"reference_url":"https://github.com/advisories/GHSA-r5p7-gp4j-qhrx","reference_id":"GHSA-r5p7-gp4j-qhrx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r5p7-gp4j-qhrx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44750?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/44595?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34777","GHSA-r5p7-gp4j-qhrx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfs6-eem9-kkd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16777?format=json","vulnerability_id":"VCID-sv4z-1stx-cba6","summary":"Electron: Use-after-free in PowerMonitor on Windows and macOS\n### Impact\nApps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption.\n\nAll apps that access `powerMonitor` events (`suspend`, `resume`, `lock-screen`, etc.) are potentially affected. The issue is not directly renderer-controllable.\n\n### Workarounds\nThere are no app side workarounds, you must update to a patched version of Electron.\n\n### Fixed Versions\n* `41.0.0-beta.8`\n* `40.8.0`\n* `39.8.1`\n* `38.8.6`\n\n### For more information\nIf there are any questions or comments about this advisory, please email [security@electronjs.org](mailto:security@electronjs.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34770","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0296","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34770"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-06T19:09:58Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-jjp3-mq3x-295m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34770","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34770"},{"reference_url":"https://github.com/advisories/GHSA-jjp3-mq3x-295m","reference_id":"GHSA-jjp3-mq3x-295m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jjp3-mq3x-295m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47444?format=json","purl":"pkg:npm/electron@40.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/47445?format=json","purl":"pkg:npm/electron@41.0.0-beta.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-f3np-yfxu-kkch"},{"vulnerability":"VCID-fc35-txd2-n3fx"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"},{"vulnerability":"VCID-sfs6-eem9-kkd7"},{"vulnerability":"VCID-tbtz-qm3p-qkew"},{"vulnerability":"VCID-zqp2-ye81-t7d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0-beta.8"}],"aliases":["CVE-2026-34770","GHSA-jjp3-mq3x-295m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sv4z-1stx-cba6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6889?format=json","vulnerability_id":"VCID-tbtz-qm3p-qkew","summary":"Electron: Electron: Integrity issue due to IPC channel spoofing by a service worker","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34778","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00455","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34778"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:50:39Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-xj5x-m3f3-5x3h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34778","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34778"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455024","reference_id":"2455024","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455024"},{"reference_url":"https://github.com/advisories/GHSA-xj5x-m3f3-5x3h","reference_id":"GHSA-xj5x-m3f3-5x3h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xj5x-m3f3-5x3h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44750?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/44595?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34778","GHSA-xj5x-m3f3-5x3h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbtz-qm3p-qkew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6894?format=json","vulnerability_id":"VCID-zqp2-ye81-t7d7","summary":"electron: Electron: Protocol handler hijacking via improper validation of protocol names","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34773","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06823","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34773"},{"reference_url":"https://github.com/electron/electron","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/electron/electron"},{"reference_url":"https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:03:47Z/"}],"url":"https://github.com/electron/electron/security/advisories/GHSA-mwmh-mq4g-g6gr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34773","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455025","reference_id":"2455025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455025"},{"reference_url":"https://github.com/advisories/GHSA-mwmh-mq4g-g6gr","reference_id":"GHSA-mwmh-mq4g-g6gr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mwmh-mq4g-g6gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44750?format=json","purl":"pkg:npm/electron@40.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-6gw3-vnmy-e7cm"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/44595?format=json","purl":"pkg:npm/electron@41.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2keb-x1ty-8uat"},{"vulnerability":"VCID-5amq-7pw8-ufbs"},{"vulnerability":"VCID-5ubr-1u28-myea"},{"vulnerability":"VCID-qm2b-y2xm-ufcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@41.0.0"}],"aliases":["CVE-2026-34773","GHSA-mwmh-mq4g-g6gr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqp2-ye81-t7d7"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/electron@40.2.1"}