electron Security Advisories - Npm | Ecosyste.ms: Advisories

Moderate

28 days ago

Electron has ASAR Integrity Bypass via resource modification GSA_kwCzR0hTQS12bXF2LWh4OHEtajdtZ84ABLov

npm electron

Moderate

3 months ago

Electron vulnerable to Heap Buffer Overflow in NativeImage GSA_kwCzR0hTQS02cjJ4LThwcTgtOTQ4Oc4ABJkx

npm electron

High

3 months ago

electron ASAR Integrity bypass by just modifying the content GSA_kwCzR0hTQS14dzVxLWc2MngtMnFqY84ABJkk

npm electron

Moderate

almost 2 years ago

ASAR Integrity bypass via filetype confusion in electron GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-

npm electron

High

about 2 years ago

Electron affected by libvpx's heap buffer overflow in vp8 encoding GSA_kwCzR0hTQS1xcXZxLTZ4Z2otanc4Z84AA2IC

npm electron

High

about 2 years ago

libwebp: OOB write in BuildHuffmanTable GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j

npm, cargo electron, libwebp-sys, libwebp-sys2

Moderate

about 2 years ago

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd GSA_kwCzR0hTQS03eDk3LWozNzMtODV4Nc4AA1vg

npm electron

Moderate

about 2 years ago

Electron context isolation bypass via nested unserializable return value GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf

npm electron

High

about 2 years ago

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled GSA_kwCzR0hTQS1neGg3LXd2OXEtZndmcs4AA1vc

npm electron

Critical

almost 3 years ago

Heap buffer overflow in GPU GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ

npm electron

Moderate

almost 3 years ago

Exfiltration of hashed SMB credentials on Windows via file:// redirect GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_

npm electron

Moderate

over 3 years ago

AutoUpdater module fails to validate certain nested components of the bundle GSA_kwCzR0hTQS03N3hjLWhqdjgtd3c5N84AArqt

npm electron

Low

over 3 years ago

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled GSA_kwCzR0hTQS1tcThqLTNoN2gtcDhnN84AArqs

npm electron

High

over 3 years ago

Electron vulnerable to remote command execution GSA_kwCzR0hTQS03ZnY5LW03OXItajl4OM4AAa1R

npm electron

Moderate

over 3 years ago

Electron vulnerable to URL spoofing via PDFium GSA_kwCzR0hTQS02aDk4LWNmOWctdm1nMs4AAR20

npm Electron

Low

over 3 years ago

Renderers can obtain access to random bluetooth device without permission in Electron GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew

npm electron

Moderate

almost 4 years ago

Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API GSA_kwCzR0hTQS1tcGptLXY5OTctYzRoNM0WiQ

npm electron

Moderate

over 4 years ago

IPC messages delivered to the wrong frame in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205

npm electron

Low

almost 5 years ago

Context isolation bypass in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4

npm electron

High

almost 5 years ago

Unpreventable top-level navigation MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNGctdzQ3Yy00Njc0

npm electron

Moderate

about 5 years ago

Arbitrary file read via window-open IPC in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5bXEtanBoNi05bWht

npm electron

High

about 5 years ago

Context isolation bypass via contextBridge in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5amMtMjg0aC01MzNn

npm electron

High

about 5 years ago

Context isolation bypass via leaked cross-context objects in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05M3YtOXFqYy0zZzc5

npm electron

Low

about 5 years ago

Context isolation bypass via Promise in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2cnYtOTRqdi1jcnJn

npm electron

High

about 7 years ago

Electron webPreferences vulnerability can be used to perform remote code execution MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OWMtcXdxZy1xajN2

npm electron

Critical

about 7 years ago

Chromium Remote Code Execution in electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODgtcmpqMy14N3dw

npm electron

High

over 7 years ago

Electron protocol handler browser vulnerable to Command Injection MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2

npm electron

High

over 7 years ago

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4d2ctd3Y3di00dnFw

npm electron

High

over 7 years ago

Remote Code Execution in electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyMjItNTNjNi1jODZw

npm electron

High

almost 8 years ago

High severity vulnerability that affects electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2Y2otcGZxMi13eGo3

npm electron

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

electron

Electron has ASAR Integrity Bypass via resource modification GSA_kwCzR0hTQS12bXF2LWh4OHEtajdtZ84ABLov

Electron vulnerable to Heap Buffer Overflow in NativeImage GSA_kwCzR0hTQS02cjJ4LThwcTgtOTQ4Oc4ABJkx

electron ASAR Integrity bypass by just modifying the content GSA_kwCzR0hTQS14dzVxLWc2MngtMnFqY84ABJkk

ASAR Integrity bypass via filetype confusion in electron GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-

Electron affected by libvpx's heap buffer overflow in vp8 encoding GSA_kwCzR0hTQS1xcXZxLTZ4Z2otanc4Z84AA2IC

libwebp: OOB write in BuildHuffmanTable GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd GSA_kwCzR0hTQS03eDk3LWozNzMtODV4Nc4AA1vg

Electron context isolation bypass via nested unserializable return value GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled GSA_kwCzR0hTQS1neGg3LXd2OXEtZndmcs4AA1vc

Heap buffer overflow in GPU GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ

Exfiltration of hashed SMB credentials on Windows via file:// redirect GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_

AutoUpdater module fails to validate certain nested components of the bundle GSA_kwCzR0hTQS03N3hjLWhqdjgtd3c5N84AArqt

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled GSA_kwCzR0hTQS1tcThqLTNoN2gtcDhnN84AArqs

Electron vulnerable to remote command execution GSA_kwCzR0hTQS03ZnY5LW03OXItajl4OM4AAa1R

Electron vulnerable to URL spoofing via PDFium GSA_kwCzR0hTQS02aDk4LWNmOWctdm1nMs4AAR20

Renderers can obtain access to random bluetooth device without permission in Electron GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew

Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API GSA_kwCzR0hTQS1tcGptLXY5OTctYzRoNM0WiQ

IPC messages delivered to the wrong frame in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205

Context isolation bypass in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4

Unpreventable top-level navigation MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNGctdzQ3Yy00Njc0

Arbitrary file read via window-open IPC in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5bXEtanBoNi05bWht

Context isolation bypass via contextBridge in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5amMtMjg0aC01MzNn

Context isolation bypass via leaked cross-context objects in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05M3YtOXFqYy0zZzc5

Context isolation bypass via Promise in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2cnYtOTRqdi1jcnJn

Electron webPreferences vulnerability can be used to perform remote code execution MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OWMtcXdxZy1xajN2

Chromium Remote Code Execution in electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODgtcmpqMy14N3dw

Electron protocol handler browser vulnerable to Command Injection MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4d2ctd3Y3di00dnFw

Remote Code Execution in electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyMjItNTNjNi1jODZw

High severity vulnerability that affects electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2Y2otcGZxMi13eGo3

Filter by Severity