electron vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-54257 | Critical | electron: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow |
| CVE-2026-34781 | Low | electron: Electron: Crash in clipboard.readImage() on malformed clipboard image data |
| CVE-2026-34765 | Medium | electron: Electron: Named window.open targets not scoped to the opener's browsing context |
| CVE-2026-34764 | Low | electron: Electron: Use-after-free in offscreen shared texture release() callback |
| CVE-2026-34780 | High | electron: Electron: Context Isolation bypass via contextBridge VideoFrame transfer |
| CVE-2026-34779 | Medium | electron: Electron: AppleScript injection in app.moveToApplicationsFolder on macOS |
| CVE-2026-34778 | Medium | electron: Electron: Service worker can spoof executeJavaScript IPC replies |
| CVE-2026-34777 | Medium | electron: Electron: Incorrect origin passed to permission request handler for iframe requests |
| CVE-2026-34776 | Medium | electron: Electron: Out-of-bounds read in second-instance IPC on macOS and Linux |
| CVE-2026-34775 | Medium | electron: Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes |
| CVE-2026-34774 | High | electron: Electron: Use-after-free in offscreen child window paint callback |
| CVE-2026-34773 | Medium | electron: Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows |
| CVE-2026-34772 | Medium | electron: Electron: Use-after-free in download save dialog callback |
| CVE-2026-34771 | High | electron: Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission… |
| CVE-2026-34770 | High | electron: Electron: Use-after-free in PowerMonitor on Windows and macOS |
| CVE-2026-34769 | High | electron: Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference |
| CVE-2026-34768 | Low | electron: Electron: Unquoted executable path in app.setLoginItemSettings on Windows |
| CVE-2026-34767 | Medium | electron: Electron: HTTP Response Header Injection in custom protocol handlers and webRequest |
| CVE-2026-34766 | Low | electron: Electron: USB device selection not validated against filtered device list |
| CVE-2025-55305 | Medium | electron: Electron has ASAR Integrity Bypass via resource modification |
| CVE-2024-46993 | Medium | electron: Electron vulnerable to Heap Buffer Overflow in NativeImage |
| CVE-2024-46992 | High | electron: electron ASAR Integrity bypass by just modifying the content |
| CVE-2023-44402 | Medium | electron: ASAR Integrity bypass via filetype confusion in electron |
| CVE-2023-5217 | High | electron: Electron affected by libvpx's heap buffer overflow in vp8 encoding |
| CVE-2023-4863 | High | libwebp-sys2: libwebp: OOB write in BuildHuffmanTable |
