Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm electron Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS1xcXZxLTZ4Z2otanc4Z84AA2IC
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTable
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03eDk3LWozNzMtODV4Nc4AA1vg
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf
Electron context isolation bypass via nested unserializable return value
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS1neGg3LXd2OXEtZndmcs4AA1vc
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 months ago
Critical
GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ
Heap buffer overflow in GPU
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03N3hjLWhqdjgtd3c5N84AArqt
AutoUpdater module fails to validate certain nested components of the bundle
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1tcThqLTNoN2gtcDhnN84AArqs
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS03ZnY5LW03OXItajl4OM4AAa1R
Electron vulnerable to remote command execution
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew
Renderers can obtain access to random bluetooth device without permission in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tcGptLXY5OTctYzRoNM0WiQ
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205
IPC messages delivered to the wrong frame in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4
Context isolation bypass in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNGctdzQ3Yy00Njc0
Unpreventable top-level navigation
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5bXEtanBoNi05bWht
Arbitrary file read via window-open IPC in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5amMtMjg0aC01MzNn
Context isolation bypass via contextBridge in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05M3YtOXFqYy0zZzc5
Context isolation bypass via leaked cross-context objects in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2cnYtOTRqdi1jcnJn
Context isolation bypass via Promise in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OWMtcXdxZy1xajN2
Electron webPreferences vulnerability can be used to perform remote code execution
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODgtcmpqMy14N3dw
Chromium Remote Code Execution in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2
Electron protocol handler browser vulnerable to Command Injection
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4d2ctd3Y3di00dnFw
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyMjItNTNjNi1jODZw
Remote Code Execution in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2Y2otcGZxMi13eGo3
High severity vulnerability that affects electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: about 6 years ago
Filter by Package
parse-server 27 electron 26 @openzeppelin/contracts-upgradeable 19 @openzeppelin/contracts 18 sequelize 17 marked 16 swagger-ui 14 tinymce 13 handlebars 13 next 13 strapi 13 vm2 12 directus 12 ghost 11 nodebb 11 ckeditor4 11 angular 10 jquery-rails 10 jquery 10 next-auth 9 org.webjars.npm:jquery 9 validator 9 serve 9 systeminformation 8 url-parse 8 node-forge 8 matrix-js-sdk 8 steal 8 urijs 8 joplin 8 @strapi/strapi 8 npm 8 jQuery 8 jquery-ui 8 org.webjars.npm:jquery-ui 8 jQuery.UI.Combined 8 jquery-ui-rails 8 undici 8 editor.md 8 shescape 7 tar 7 nocodb 7 total.js 7 keystone 7 snyk-broker 7 hapi 7 jsrsasign 7 hermes-engine 7 TinyMCE 7 bootstrap 7 tinymce/tinymce 7 lodash 7 matrix-react-sdk 7 matrix-appservice-irc 6 express-cart 6 parse-url 6 safe-eval 6 aaptjs 6 @strapi/plugin-users-permissions 5 sweetalert2 5 generator-jhipster 5 qs 5 rendertron 5 ua-parser-js 5 dojo 5 ecstatic 5 safer-eval 5 dns-sync 5 moment 5 public 5 @sequelize/core 5 jsonwebtoken 5 openpgp 5 lodash-es 5 total4 5 prismjs 5 sanitize-html 5 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 engine.io 4 rsshub 4 simple-git 4 glance 4 axios 4 hummus 4 yarn 4 muhammara 4 apostrophe 4 valine 4 dompurify 4 apollo-server-core 4 protobufjs 4 highcharts 4 is-my-json-valid 4 auth0-js 4 vditor 4 @keystone-6/core 4 xmldom 4 materialize-css 4 ejs 4 sails 4 passport-wsfed-saml2 4 realms-shim 4 mermaid 4 fastify 4 @backstage/plugin-scaffolder-backend 4 ws 4 xlsx 4 remarkable 4 vega 4 auth0-lock 4 simple-markdown 4 mongoose 4 postcss 3 llhttp 3 tough-cookie 3 @strapi/utils 3 snyk 3 xdLocalStorage 3 jwt-simple 3 mixme 3 static-eval 3 jspdf 3 nadesiko3 3 docsify 3 openmct 3 ftp-srv 3 jointjs 3 @frangoteam/fuxa 3 aedes 3 @hapi/subtext 3 subtext 3 node-fetch 3 bin-links 3 node-red-dashboard 3 loader-utils 3 ses 3 apollo-server 3 harp 3 fuxa-server 3 immer 3 socket.io-parser 3 node-opcua 3 vite 3 hekto 3 object-path 3 yapi-vendor 3 mysql 3 json-pointer 3 @uppy/companion 3 minimist 3 slpjs 3 froala-editor 3 blamer 3 convert-svg-core 3 node-ipc 3 grunt 3 code-server 3 mathjs 3 send 3 notevil 3 feathers-sequelize 3 keycloak-connect 3 json-ptr 3 convict 3 mongo-express 3 org.webjars.npm:xlsx 3 @soketi/soketi 3 locutus 3 @backstage/techdocs-common 3 jquery-validation 3 codecov 3 bson 3 socket.io-file 3 @ckeditor/ckeditor5-markdown-gfm 3 n8n 3 uap-core 3 @commercial/subtext 3 parsel 3 express-fileupload 3 http-live-simulator 3 lodash.defaultsdeep 3 buttle 3 @materializecss/materialize 3 serialize-to-js 3 m-server 3 uptime-kuma 3 dojox 3 @vrite/sdk 3 slp-validate 3 localhost-now 3 connect 3 ids-enterprise 3 js-yaml 3 mxgraph 3 uglify-js 3 simplehttpserver 3 https-proxy-agent 3 fast-xml-parser 3 node-jose 3 raneto 3 @apollo/server 3 set-value 2 request 2 @excalidraw/excalidraw 2 simditor 2 cli 2 is-svg 2 merge-deep 2 matrix-appservice-bridge 2 detect-character-encoding 2 fastify-static 2 crypto-js 2 dijit 2 Moment.js 2 pullit 2 bootstrap 2 hawk 2 lazysizes 2 node-rules 2 macaddress 2 http-proxy-agent 2 decal 2 waterline-sequel 2 merge 2 @claviska/jquery-minicolors 2 whereis 2 sshpk 2 jszip 2 @node-red/runtime 2 canvas 2 nunjucks 2 highlight.js 2 sockjs 2 electron-markdownify 2 async-git 2 multi-ini 2 braces 2 @hapi/hoek 2 lodash.merge 2 isolated-vm 2 saml2-js 2 yeoman-genrator 2 json-serializer 2 ibm_db 2 node-saml 2 quill 2 @strapi/admin 2 converse.js 2 loopback 2 set-in 2 jodit 2 @strapi/plugin-content-manager 2 flatmap-stream 2 angular-expressions 2 minimatch 2 jose 2 jose-node-cjs-runtime 2 jose-node-esm-runtime 2 jose-browser-runtime 2 google-closure-library 2 papaparse 2 fs-path 2 mpath 2 moment-timezone 2 @actions/core 2 defaults-deep 2 constantinople 2 html-janitor 2 knockout 2 node-simple-router 2 list-n-stream 2 renovate 2 bootstrap-table 2 tomato 2 @builder.io/qwik 2 shell-quote 2 serve-lite 2 sharp 2 deep-get-set 2 jquery 2 @vendure/core 2 node-static 2 @adobe/css-tools 2 payload 2 bootbox 2 deap 2 @finastra/nestjs-proxy 2 dot 2 crud-file-server 2 fast-string-search 2 serialize-javascript 2 querymen 2 jpeg-js 2 jsuites 2 giting 2 semver-regex 2 ungit 2 mout 2