Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm electron Security Advisories
Browse all Security Advisories for npm electron
Loading...
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 12 months ago
GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 12 months ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: about 1 year ago
GSA_kwCzR0hTQS1xcXZxLTZ4Z2otanc4Z84AA2IC
Electron affected by libvpx's heap buffer overflow in vp8 encodingEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: about 1 year ago
High
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: about 1 year ago
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTableEcosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 1 year ago
GSA_kwCzR0hTQS03eDk3LWozNzMtODV4Nc4AA1vg
Electron vulnerable to out-of-package code execution when launched with arbitrary cwdEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: about 1 year ago
GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf
Electron context isolation bypass via nested unserializable return valueEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: about 1 year ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: about 1 year ago
GSA_kwCzR0hTQS1neGg3LXd2OXEtZndmcs4AA1vc
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabledEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.2
Published: almost 2 years ago
GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ
Heap buffer overflow in GPUEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.2
Published: almost 2 years ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 2 years ago
GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_
Exfiltration of hashed SMB credentials on Windows via file:// redirectEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 2 years ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
GSA_kwCzR0hTQS03N3hjLWhqdjgtd3c5N84AArqt
AutoUpdater module fails to validate certain nested components of the bundleEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
Low
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 2 years ago
GSA_kwCzR0hTQS1tcThqLTNoN2gtcDhnN84AArqs
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabledEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 2 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 2 years ago
GSA_kwCzR0hTQS03ZnY5LW03OXItajl4OM4AAa1R
Electron vulnerable to remote command executionEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 2 years ago
Low
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 2 years ago
GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew
Renderers can obtain access to random bluetooth device without permission in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: about 3 years ago
GSA_kwCzR0hTQS1tcGptLXY5OTctYzRoNM0WiQ
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage APIEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205
IPC messages delivered to the wrong frame in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 4 years ago
Low
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4
Context isolation bypass in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 4 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNGctdzQ3Yy00Njc0
Unpreventable top-level navigationEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: about 4 years ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5bXEtanBoNi05bWht
Arbitrary file read via window-open IPC in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 4 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5amMtMjg0aC01MzNn
Context isolation bypass via contextBridge in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: over 4 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05M3YtOXFqYy0zZzc5
Context isolation bypass via leaked cross-context objects in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: over 4 years ago
Low
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2cnYtOTRqdi1jcnJn
Context isolation bypass via Promise in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 4 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OWMtcXdxZy1xajN2
Electron webPreferences vulnerability can be used to perform remote code executionEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 6 years ago
Critical
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODgtcmpqMy14N3dw
Chromium Remote Code Execution in electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: over 6 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2
Electron protocol handler browser vulnerable to Command InjectionEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: over 6 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4d2ctd3Y3di00dnFw
Electron Vulnerable to Code Execution by Re-Enabling Node.js IntegrationEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 6 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: almost 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyMjItNTNjNi1jODZw
Remote Code Execution in electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: almost 7 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: about 7 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2Y2otcGZxMi13eGo3
High severity vulnerability that affects electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: about 7 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 3
Ecosystems: 12
Packages: 9,040
Repositories: 3
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
31
directus
26
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
next
18
tinymce
16
sequelize
16
ckeditor4
15
ghost
15
joplin
14
swagger-ui
14
strapi
13
angular
13
undici
13
nodebb
12
vm2
12
handlebars
11
bootstrap
11
marked
11
tinymce/tinymce
11
matrix-js-sdk
11
TinyMCE
11
nocodb
10
flowise
10
bootstrap
9
twbs/bootstrap
9
org.webjars:bootstrap
9
bootstrap
9
serve
9
@strapi/strapi
9
@evershop/evershop
9
matrix-react-sdk
9
next-auth
9
tar
8
jquery-rails
8
urijs
8
express-cart
8
systeminformation
8
matrix-appservice-irc
8
org.webjars.npm:jquery
8
steal
8
jsrsasign
8
validator
8
npm
8
node-forge
8
jquery
8
editor.md
8
url-parse
8
jquery-ui
7
jQuery
7
jquery-ui-rails
7
org.webjars.npm:jquery-ui
7
vite
7
bootstrap.sass
7
bootstrap-sass
7
jQuery.UI.Combined
7
dompurify
7
hapi
7
sanitize-html
7
uptime-kuma
7
shescape
7
hermes-engine
7
total.js
7
snyk-broker
7
elliptic
7
lodash
7
parse-url
6
aaptjs
6
safe-eval
6
@strapi/plugin-users-permissions
6
bootstrap-sass
6
rsshub
6
total4
5
dojo
5
@saltcorn/server
5
prismjs
5
openpgp
5
ua-parser-js
5
public
5
axios
5
keystone
5
ws
5
mermaid
5
mongoose
5
sweetalert2
5
rendertron
5
mysql2
5
vditor
5
mattermost-desktop
5
ejs
5
lunary
5
lodash-es
5
xlsx
5
yarn
5
convert-svg-core
4
remarkable
4
moment
4
auth0-lock
4
awsiotsdk
4
follow-redirects
4
materialize-css
4
meshcentral
4
generator-jhipster
4
glance
4
@lobehub/chat
4
valine
4
aws-iot-device-sdk-v2
4
hono
4
engine.io
4
apollo-server-core
4
vega
4
fastify
4
mongo-express
4
auth0-js
4
@keystone-6/core
4
apostrophe
4
@backstage/plugin-scaffolder-backend
4
simple-markdown
4
qs
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
jsonwebtoken
4
simple-git
4
ecstatic
4
hummus
4
realms-shim
4
katex
4
muhammara
4
express
4
fast-xml-parser
4
safer-eval
4
typeorm
3
node-opcua
3
agnai
3
froala-editor
3
stimulsoft-dashboards-js
3
dset
3
serialize-to-js
3
slp-validate
3
json-ptr
3
subtext
3
loader-utils
3
@materializecss/materialize
3
slpjs
3
ag-grid-community
3
mathjs
3
js-yaml
3
postcss
3
statics-server
3
@strapi/plugin-content-manager
3
tough-cookie
3
xdLocalStorage
3
mixme
3
node-jose
3
jose-node-esm-runtime
3
jose-node-cjs-runtime
3
node-red-dashboard
3
localhost-now
3
n8n
3
@backstage/techdocs-common
3
feathers-sequelize
3
uap-core
3
@commercial/subtext
3
libxmljs
3
dojox
3
socket.io-file
3
json-pointer
3
layui
3
docsify
3
mysql
3
@sveltejs/kit
3
@builder.io/qwik
3
notevil
3
grunt
3
fuxa-server
3
ses
3
@jmondi/url-to-png
3
buttle
3
bson
3
xmldom
3
org.webjars.npm:xlsx
3
socket.io
3
mxgraph
3
code-server
3
@janhq/core
3
node-fetch
3
simplehttpserver
3
nadesiko3
3
lodash.defaultsdeep
3
parsel
3
raneto
3
nodemailer
3
http-live-simulator
3
object-path
3
highcharts
3
@vrite/sdk
3
@uppy/companion
3
codecov
3
@hapi/subtext
3
@directus/api
3
Filter by Repository