electron — Vulnerabilities & Security Advisories 38

All 38 CVE vulnerabilities found in electron, with AI-generated Chinese analysis, references, and POCs.

Vendor: electron

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-34781 | Electron crashes in clipboard.readImage() on malformed clipboard image data | CWE-476 | 2.8 | Low | 2026-04-07 |
| CVE-2026-34765 | Electron named window.open targets not scoped to the opener's browsing context | CWE-668 | 6.0 | Medium | 2026-04-07 |
| CVE-2026-34764 | Electron has a use-after-free in offscreen shared texture release() callback | CWE-416 | 2.3 | Low | 2026-04-06 |
| CVE-2026-34780 | Electron: Context Isolation bypass via contextBridge VideoFrame transfer | CWE-668 | 8.4 | High | 2026-04-04 |
| CVE-2026-34779 | Electron: AppleScript injection in app.moveToApplicationsFolder on macOS | CWE-78 | 6.5 | Medium | 2026-04-04 |
| CVE-2026-34778 | Electron: Service worker can spoof executeJavaScript IPC replies | CWE-290 | 5.9 | Medium | 2026-04-03 |
| CVE-2026-34777 | Electron: Incorrect origin passed to permission request handler for iframe requests | CWE-346 | 5.4 | Medium | 2026-04-03 |
| CVE-2026-34776 | Electron: Out-of-bounds read in second-instance IPC on macOS and Linux | CWE-125 | 5.3 | Medium | 2026-04-03 |
| CVE-2026-34775 | Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes | CWE-653 | 6.8 | Medium | 2026-04-03 |
| CVE-2026-34774 | Electron: Use-after-free in offscreen child window paint callback | CWE-416 | 8.1 | High | 2026-04-03 |
| CVE-2026-34773 | Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows | CWE-20 | 4.7 | Medium | 2026-04-03 |
| CVE-2026-34772 | Electron: Use-after-free in download save dialog callback | CWE-416 | 5.8 | Medium | 2026-04-03 |
| CVE-2026-34771 | Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks | CWE-416 | 7.5 | High | 2026-04-03 |
| CVE-2026-34770 | Electron: Use-after-free in PowerMonitor on Windows and macOS | CWE-416 | 7.0 | High | 2026-04-03 |
| CVE-2026-34768 | Electron: Unquoted executable path in app.setLoginItemSettings on Windows | CWE-428 | 3.9 | Low | 2026-04-03 |
| CVE-2026-34767 | Electron: HTTP Response Header Injection in custom protocol handlers and webRequest | CWE-74 | 5.9 | Medium | 2026-04-03 |
| CVE-2026-34766 | Electron: USB device selection not validated against filtered device list | CWE-862 | 3.3 | Low | 2026-04-03 |
| CVE-2026-34769 | Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference | CWE-88 | 7.8 | High | 2026-04-03 |
| CVE-2025-5805 | WordPress Electron theme <= 1.8.2 - Broken Access Control vulnerability | CWE-862 | 6.5 | Medium | 2026-01-22 |
| CVE-2025-55305 | Electron is vulnerable to Code Injection via resource modification | CWE-94 | 6.1 | Medium | 2025-09-04 |
| CVE-2024-46993 | Electron Vulnerable to Heap Buffer Overflow in NativeImage::CreateFromPath | CWE-122 | 8.0 (AI) | High (AI) | 2025-07-01 |
| CVE-2024-46992 | Electron ASAR Integrity bypass by just modifying the content | CWE-354 | 7.8 | High | 2025-07-01 |
| CVE-2023-44402 | ASAR Integrity bypass via filetype confusion in electron | CWE-345 | 6.1 | Medium | 2023-12-01 |
| CVE-2023-23623 | Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron | CWE-670 | 7.5 | High | 2023-09-06 |
| CVE-2023-29198 | Context isolation bypass via nested unserializable return value in Electron | CWE-754 | 6.0 | Medium | 2023-09-06 |
| CVE-2023-39956 | Electron: Out-of-package code execution when launched with arbitrary cwd | CWE-94 | 6.1 | Medium | 2023-09-06 |
| CVE-2022-36077 | Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect | CWE-522 | 7.2 | High | 2022-11-08 |
| CVE-2022-29257 | Electron's AutoUpdater module fails to validate certain nested components of the bundle | CWE-20 | 6.6 | Medium | 2022-06-13 |
| CVE-2022-29247 | Exposure of Resource to Wrong Sphere in Electron | CWE-668 | 2.2 | Low | 2022-06-13 |
| CVE-2022-21718 | Renderers can obtain access to random bluetooth device without permission in Electron | CWE-668 | 3.4 | Low | 2022-03-22 |

All 38 known CVE vulnerabilities affecting electron with full Chinese analysis, references, and POCs where available.