Package details: pkg:npm/electron@28.3.2
purl pkg:npm/electron@28.3.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-2zn4-vrk9-1qhv

Summary: Electron vulnerable to Heap Buffer Overflow in NativeImage

### Impact
The `nativeImage.createFromPath()` and `nativeImage.createFromBuffer()` functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents.

### Workaround
There are no app-side workarounds for this issue. You must update your Electron version to be protected.

### Patches
- `v28.3.2`
- `v29.3.3`
- `v30.0.3`

### For More Information
If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org).

Aliases: CVE-2024-46993, GHSA-6r2x-8pq8-9489

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-03T13:02:37.977153+00:00 | GHSA Importer | Fixing | VCID-2zn4-vrk9-1qhv | https://github.com/advisories/GHSA-6r2x-8pq8-9489 | 37.0.0 |
| 2025-08-01T11:20:34.443682+00:00 | GitLab Importer | Fixing | VCID-2zn4-vrk9-1qhv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/electron/CVE-2024-46993.yml | 37.0.0 |
| 2025-07-31T08:39:10.416588+00:00 | GithubOSV Importer | Fixing | VCID-2zn4-vrk9-1qhv | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-6r2x-8pq8-9489/GHSA-6r2x-8pq8-9489.json | 37.0.0 |