| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-46993 | Electron Vulnerable to Heap Buffer Overflow in NativeImage::CreateFromPath | electron | electron | - | - | 2025-07-01 01:55:51 | Deep Dive |
| CVE-2024-46992 | Electron ASAR Integrity bypass by just modifying the content | electron | electron | High | 7.8 | 2025-07-01 01:43:14 | Deep Dive |
| CVE-2024-39698 | Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6 | electron-userland | electron-builder | High | 7.5 | 2024-07-09 17:50:28 | Deep Dive |
| CVE-2024-29900 | @electron/packager's build process memory potentially leaked into final executable | electron | packager | High | 7.5 | 2024-03-29 15:15:46 | Deep Dive |
| CVE-2024-27303 | electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) | electron-userland | electron-builder | High | 7.3 | 2024-03-06 18:35:38 | Deep Dive |
| CVE-2024-1648 | electron-pdf 20.0.0 - Local File Read via Server Side XSS | electron-pdf | electron-pdf | High | 7.5 | 2024-02-20 00:01:51 | Deep Dive |
| CVE-2023-44402 | ASAR Integrity bypass via filetype confusion in electron | electron | electron | Medium | 6.1 | 2023-12-01 21:45:18 | Deep Dive |
| CVE-2023-23623 | Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron | electron | electron | High | 7.5 | 2023-09-06 20:16:10 | Deep Dive |
| CVE-2023-29198 | Context isolation bypass via nested unserializable return value in Electron | electron | electron | Medium | 6.0 | 2023-09-06 20:13:56 | Deep Dive |
| CVE-2023-39956 | Electron: Out-of-package code execution when launched with arbitrary cwd | electron | electron | Medium | 6.1 | 2023-09-06 20:09:33 | Deep Dive |
| CVE-2023-1005 | JP1016 Markdown-Electron code injection | JP1016 | Markdown-Electron | Medium | 5.3 | 2023-02-24 08:00:18 | Deep Dive |
| CVE-2022-25908 | npm create-choo-electron security vulnerability | - | create-choo-electron | High | 7.4 | 2023-01-24 05:00:02 | Deep Dive |
| CVE-2022-44567 | Rocket.Chat OS command injection vulnerability | - | Rocket.chat - Electron Desktop | Critical | - | 2022-12-23 00:00:00 | Deep Dive |
| CVE-2022-36077 | Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect | electron | electron | High | 7.2 | 2022-11-08 00:00:00 | Deep Dive |
| CVE-2022-29257 | Electron's AutoUpdater module fails to validate certain nested components of the bundle | electron | electron | Medium | 6.6 | 2022-06-13 21:25:10 | Deep Dive |
| CVE-2022-29247 | Exposure of Resource to Wrong Sphere in Electron | electron | electron | Low | 2.2 | 2022-06-13 21:05:10 | Deep Dive |
| CVE-2022-21718 | Renderers can obtain access to random bluetooth device without permission in Electron | electron | electron | Low | 3.4 | 2022-03-22 16:25:12 | Deep Dive |
| CVE-2021-39184 | Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API | electron | electron | Medium | 6.8 | 2021-10-12 19:05:11 | Deep Dive |
| CVE-2020-26272 | Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs | electron | electron | Medium | 5.4 | 2021-01-28 18:25:17 | Deep Dive |
| CVE-2020-15215 | Context isolation bypass in Electron | electron | electron | Medium | 5.6 | 2020-10-06 18:00:17 | Deep Dive |