Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm electron Security Advisories
Loading...
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 5 months ago
GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 5 months ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: 7 months ago
GSA_kwCzR0hTQS1xcXZxLTZ4Z2otanc4Z84AA2IC
Electron affected by libvpx's heap buffer overflow in vp8 encodingEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: 7 months ago
High
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTableEcosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 8 months ago
GSA_kwCzR0hTQS03eDk3LWozNzMtODV4Nc4AA1vg
Electron vulnerable to out-of-package code execution when launched with arbitrary cwdEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf
Electron context isolation bypass via nested unserializable return valueEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: 8 months ago
GSA_kwCzR0hTQS1neGg3LXd2OXEtZndmcs4AA1vc
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabledEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: 8 months ago
Critical
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.2
Published: over 1 year ago
GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ
Heap buffer overflow in GPUEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.2
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 1 year ago
GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_
Exfiltration of hashed SMB credentials on Windows via file:// redirectEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
GSA_kwCzR0hTQS03N3hjLWhqdjgtd3c5N84AArqt
AutoUpdater module fails to validate certain nested components of the bundleEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
Low
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: almost 2 years ago
GSA_kwCzR0hTQS1tcThqLTNoN2gtcDhnN84AArqs
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabledEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: almost 2 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: almost 2 years ago
GSA_kwCzR0hTQS03ZnY5LW03OXItajl4OM4AAa1R
Electron vulnerable to remote command executionEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: almost 2 years ago
Low
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew
Renderers can obtain access to random bluetooth device without permission in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 2 years ago
GSA_kwCzR0hTQS1tcGptLXY5OTctYzRoNM0WiQ
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage APIEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205
IPC messages delivered to the wrong frame in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 3 years ago
Low
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4
Context isolation bypass in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 3 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNGctdzQ3Yy00Njc0
Unpreventable top-level navigationEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 3 years ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5bXEtanBoNi05bWht
Arbitrary file read via window-open IPC in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: almost 4 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5amMtMjg0aC01MzNn
Context isolation bypass via contextBridge in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: almost 4 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05M3YtOXFqYy0zZzc5
Context isolation bypass via leaked cross-context objects in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: almost 4 years ago
Low
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2cnYtOTRqdi1jcnJn
Context isolation bypass via Promise in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: almost 4 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OWMtcXdxZy1xajN2
Electron webPreferences vulnerability can be used to perform remote code executionEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODgtcmpqMy14N3dw
Chromium Remote Code Execution in electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: almost 6 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: about 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2
Electron protocol handler browser vulnerable to Command InjectionEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: about 6 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4d2ctd3Y3di00dnFw
Electron Vulnerable to Code Execution by Re-Enabling Node.js IntegrationEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 6 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyMjItNTNjNi1jODZw
Remote Code Execution in electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: over 6 years ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2Y2otcGZxMi13eGo3
High severity vulnerability that affects electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: over 6 years ago
Statistics
Advisories: 17,986
Packages: 8,213
Repositories: 3
Ecosystems: 12
Packages: 8,213
Repositories: 3
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
29
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
directus
16
sequelize
16
ghost
14
tinymce
14
swagger-ui
14
ckeditor4
13
next
13
joplin
13
strapi
13
vm2
12
undici
12
marked
11
nodebb
11
angular
11
handlebars
11
tinymce/tinymce
9
TinyMCE
9
serve
9
@evershop/evershop
9
org.webjars.npm:jquery
9
jquery-rails
9
next-auth
9
jquery
9
node-forge
8
bootstrap
8
editor.md
8
steal
8
jsrsasign
8
validator
8
tar
8
url-parse
8
@strapi/strapi
8
express-cart
8
npm
8
matrix-js-sdk
8
urijs
8
jQuery
8
systeminformation
8
hermes-engine
7
lodash
7
hapi
7
matrix-react-sdk
7
shescape
7
jQuery.UI.Combined
7
org.webjars.npm:jquery-ui
7
jquery-ui-rails
7
total.js
7
jquery-ui
7
matrix-appservice-irc
7
snyk-broker
7
nocodb
7
sanitize-html
7
aaptjs
6
parse-url
6
safe-eval
6
rsshub
6
dojo
5
mongoose
5
prismjs
5
xlsx
5
sweetalert2
5
openpgp
5
keystone
5
total4
5
yarn
5
uptime-kuma
5
public
5
ua-parser-js
5
@strapi/plugin-users-permissions
5
rendertron
5
vite
5
lodash-es
5
follow-redirects
4
mysql2
4
generator-jhipster
4
@backstage/plugin-scaffolder-backend
4
axios
4
meshcentral
4
simple-markdown
4
@keystone-6/core
4
safer-eval
4
moment
4
vditor
4
convert-svg-core
4
ecstatic
4
mermaid
4
dompurify
4
apostrophe
4
vega
4
valine
4
muhammara
4
mongo-express
4
hummus
4
remarkable
4
jsonwebtoken
4
fastify
4
ejs
4
glance
4
materialize-css
4
qs
4
simple-git
4
ws
4
awsiotsdk
4
aws-iot-device-sdk-v2
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
auth0-lock
4
katex
4
auth0-js
4
realms-shim
4
apollo-server-core
4
engine.io
4
m-server
3
jointjs
3
passport-wsfed-saml2
3
node-red-dashboard
3
buttle
3
n8n
3
browserify-shim
3
code-server
3
locutus
3
xmldom
3
postcss
3
@cubejs-backend/api-gateway
3
node-opcua
3
jquery-validation
3
keycloak-connect
3
serialize-to-js
3
@strapi/utils
3
slp-validate
3
nodemailer
3
lodash.defaultsdeep
3
socket.io-file
3
codecov
3
typeorm
3
@backstage/techdocs-common
3
js-yaml
3
loader-utils
3
slpjs
3
grunt
3
mathjs
3
dns-sync
3
node-ipc
3
feathers-sequelize
3
node-jose
3
object-path
3
jspdf
3
protobufjs
3
http-live-simulator
3
uap-core
3
socket.io-parser
3
notevil
3
ses
3
org.webjars.npm:xlsx
3
apollo-server
3
xdLocalStorage
3
raneto
3
renovate
3
@soketi/soketi
3
ids-enterprise
3
@materializecss/materialize
3
node-fetch
3
express-fileupload
3
highcharts
3
openmct
3
jose-node-cjs-runtime
3
stimulsoft-dashboards-js
3
jose-node-esm-runtime
3
sails
3
mxgraph
3
@commercial/subtext
3
mixme
3
docsify
3
blamer
3
jose
3
localhost-now
3
fuxa-server
3
simplehttpserver
3
bootstrap
3
parsel
3
convict
3
dojox
3
nadesiko3
3
@uppy/companion
3
json-ptr
3
connect
3
tough-cookie
3
@sequelize/core
3
fast-xml-parser
3
@sveltejs/kit
3
wrangler
3
mysql
3
immer
3
bson
3
bin-links
3
snyk
3
llhttp
3
Filter by Repository