Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

electron

npm

Build cross platform desktop apps with JavaScript, HTML, and CSS

View on github.com · View on npmjs.org

Security Advisories for electron in npm

Low
2 months ago

Electron: Crash in clipboard.readImage() on malformed clipboard image data GSA_kwCzR0hTQS1mMzd2LTgyYzQtNHg2NM4ABU1S

npm electron
Moderate
2 months ago

Electron: Named window.open targets not scoped to the opener's browsing context GSA_kwCzR0hTQS1mM3B2LXd2NjMtNDh4OM4ABU1R

npm electron
Low
2 months ago

Electron: Use-after-free in offscreen shared texture release() callback GSA_kwCzR0hTQS04eDVxLXB2ZjUtNjRtcM4ABUty

npm electron
High
2 months ago

Electron: Context Isolation bypass via contextBridge VideoFrame transfer GSA_kwCzR0hTQS1qZnFnLWhmMjMtcXB3Ms4ABUqO

npm electron
Moderate
2 months ago

Electron: AppleScript injection in app.moveToApplicationsFolder on macOS GSA_kwCzR0hTQS01cnF3LXI3N2MtanA3Oc4ABUqN

npm electron
Moderate
2 months ago

Electron: Service worker can spoof executeJavaScript IPC replies GSA_kwCzR0hTQS14ajV4LW0zZjMtNXgzaM4ABUqM

npm electron
Moderate
2 months ago

Electron: Incorrect origin passed to permission request handler for iframe requests GSA_kwCzR0hTQS1yNXA3LWdwNGotcWhyeM4ABUqL

npm electron
Moderate
2 months ago

Electron: Out-of-bounds read in second-instance IPC on macOS and Linux GSA_kwCzR0hTQS0zYzh2LWNmcDUtOTg4Nc4ABUqK

npm electron
Moderate
2 months ago

Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes GSA_kwCzR0hTQS14d3I1LW01OWgtdndxcs4ABUqJ

npm electron
High
2 months ago

Electron: Use-after-free in offscreen child window paint callback GSA_kwCzR0hTQS01MzJ2LXhwcTUtOGg5Nc4ABUqI

npm electron
Moderate
2 months ago

Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows GSA_kwCzR0hTQS1td21oLW1xNGctZzZncs4ABUqH

npm electron
Moderate
2 months ago

Electron: Use-after-free in download save dialog callback GSA_kwCzR0hTQS05dzk3LTI0NjQtODc4M84ABUqG

npm electron
High
2 months ago

Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks GSA_kwCzR0hTQS04MzM3LTNwNzMtNDZmNM4ABUqF

npm electron
High
2 months ago

Electron: Use-after-free in PowerMonitor on Windows and macOS GSA_kwCzR0hTQS1qanAzLW1xM3gtMjk1bc4ABUqE

npm electron
High
2 months ago

Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference GSA_kwCzR0hTQS05d2ZyLXc3bW0tcGM3Zs4ABUqD

npm electron
Low
2 months ago

Electron: Unquoted executable path in app.setLoginItemSettings on Windows GSA_kwCzR0hTQS1qZnF4LWZ4aDMtYzYyas4ABUqC

npm electron
Moderate
2 months ago

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest GSA_kwCzR0hTQS00cDRyLW03OWMtd3Ezds4ABUqB

npm electron
Low
2 months ago

Electron: USB device selection not validated against filtered device list GSA_kwCzR0hTQS05ODk5LW04M20tcWhwas4ABUqA

npm electron
Moderate
9 months ago

Electron has ASAR Integrity Bypass via resource modification GSA_kwCzR0hTQS12bXF2LWh4OHEtajdtZ84ABLov

npm electron
Moderate
12 months ago

Electron vulnerable to Heap Buffer Overflow in NativeImage GSA_kwCzR0hTQS02cjJ4LThwcTgtOTQ4Oc4ABJkx

npm electron
High
12 months ago

electron ASAR Integrity bypass by just modifying the content GSA_kwCzR0hTQS14dzVxLWc2MngtMnFqY84ABJkk

npm electron
Moderate
over 2 years ago

ASAR Integrity bypass via filetype confusion in electron GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-

npm electron
High
over 2 years ago

Electron affected by libvpx's heap buffer overflow in vp8 encoding GSA_kwCzR0hTQS1xcXZxLTZ4Z2otanc4Z84AA2IC

npm electron
High
over 2 years ago

libwebp: OOB write in BuildHuffmanTable GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j

npm, cargo electron, libwebp-sys, libwebp-sys2
Moderate
almost 3 years ago

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd GSA_kwCzR0hTQS03eDk3LWozNzMtODV4Nc4AA1vg

npm electron
Moderate
almost 3 years ago

Electron context isolation bypass via nested unserializable return value GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf

npm electron
High
almost 3 years ago

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled GSA_kwCzR0hTQS1neGg3LXd2OXEtZndmcs4AA1vc

npm electron
Critical
over 3 years ago

Heap buffer overflow in GPU GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ

npm electron
Moderate
over 3 years ago

Exfiltration of hashed SMB credentials on Windows via file:// redirect GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_

npm electron
Moderate
almost 4 years ago

AutoUpdater module fails to validate certain nested components of the bundle GSA_kwCzR0hTQS03N3hjLWhqdjgtd3c5N84AArqt

npm electron
Low
almost 4 years ago

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled GSA_kwCzR0hTQS1tcThqLTNoN2gtcDhnN84AArqs

npm electron
High
about 4 years ago

Electron vulnerable to remote command execution GSA_kwCzR0hTQS03ZnY5LW03OXItajl4OM4AAa1R

npm electron
Moderate
about 4 years ago

Electron vulnerable to URL spoofing via PDFium GSA_kwCzR0hTQS02aDk4LWNmOWctdm1nMs4AAR20

npm Electron
Low
about 4 years ago

Renderers can obtain access to random bluetooth device without permission in Electron GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew

npm electron
Moderate
over 4 years ago

Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API GSA_kwCzR0hTQS1tcGptLXY5OTctYzRoNM0WiQ

npm electron
Moderate
over 5 years ago

IPC messages delivered to the wrong frame in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205

npm electron
Low
over 5 years ago

Context isolation bypass in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4

npm electron
High
over 5 years ago

Unpreventable top-level navigation MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNGctdzQ3Yy00Njc0

npm electron
Moderate
almost 6 years ago

Arbitrary file read via window-open IPC in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5bXEtanBoNi05bWht

npm electron
High
almost 6 years ago

Context isolation bypass via contextBridge in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5amMtMjg0aC01MzNn

npm electron
High
almost 6 years ago

Context isolation bypass via leaked cross-context objects in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05M3YtOXFqYy0zZzc5

npm electron
Low
almost 6 years ago

Context isolation bypass via Promise in Electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2cnYtOTRqdi1jcnJn

npm electron
High
almost 8 years ago

Electron webPreferences vulnerability can be used to perform remote code execution MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OWMtcXdxZy1xajN2

npm electron
Critical
almost 8 years ago

Chromium Remote Code Execution in electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODgtcmpqMy14N3dw

npm electron
High
about 8 years ago

Electron protocol handler browser vulnerable to Command Injection MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2

npm electron
High
about 8 years ago

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4d2ctd3Y3di00dnFw

npm electron
High
over 8 years ago

Remote Code Execution in electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyMjItNTNjNi1jODZw

npm electron
High
over 8 years ago

High severity vulnerability that affects electron MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2Y2otcGZxMi13eGo3

npm electron

Filter by Severity

Moderate 20 High 18 Low 8 Critical 2