electron vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| CVE-2023-39956 | Medium | electron: Electron vulnerable to out-of-package code execution when launched with arbitrary cwd |
| CVE-2023-29198 | Medium | electron: Electron context isolation bypass via nested unserializable return value |
| CVE-2023-23623 | High | electron: Electron's Content-Security-Policy disabling eval not applied consistently in renderers with sandbox… |
| CVE-2022-4135 | Critical | electron: Heap buffer overflow in GPU |
| CVE-2022-36077 | Medium | electron: Exfiltration of hashed SMB credentials on Windows via file:// redirect |
| CVE-2022-29257 | Medium | electron: AutoUpdater module fails to validate certain nested components of the bundle |
| CVE-2022-29247 | Low | electron: Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames… |
| CVE-2017-12581 | High | electron: Electron vulnerable to remote command execution |
| CVE-2017-1000424 | Medium | Electron: Electron vulnerable to URL spoofing via PDFium |
| CVE-2022-21718 | Low | electron: Renderers can obtain access to random bluetooth device without permission in Electron |
| CVE-2021-39184 | Medium | electron: Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API |
| CVE-2020-26272 | Medium | electron: IPC messages delivered to the wrong frame in Electron |
| CVE-2020-15215 | Low | electron: Context isolation bypass in Electron |
| CVE-2020-15174 | High | electron: Unpreventable top-level navigation |
| CVE-2020-4075 | Medium | electron: Arbitrary file read via window-open IPC in Electron |
| CVE-2020-4077 | High | electron: Context isolation bypass via contextBridge in Electron |
| CVE-2020-4076 | High | electron: Context isolation bypass via leaked cross-context objects in Electron |
| CVE-2020-15096 | Low | electron: Context isolation bypass via Promise in Electron |
| CVE-2018-15685 | High | electron: Electron webPreferences vulnerability can be used to perform remote code execution |
| CVE-2017-16151 | Critical | electron: Chromium Remote Code Execution in electron |
| CVE-2018-1000118 | High | electron: Electron protocol handler browser vulnerable to Command Injection |
| CVE-2018-1000136 | High | electron: Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration |
| CVE-2018-1000006 | High | electron: Remote Code Execution in electron |
| CVE-2016-1202 | High | electron: High severity vulnerability that affects electron |
