electron — Vulnerabilities & Security Advisories 38

Browse all 38 CVE security advisories affecting electron. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34781 | Electron crashes in clipboard.readImage() on malformed clipboard image data | electron | CWE-476 | 2.8 | Low | 2026-04-07 |
| CVE-2026-34765 | Electron named window.open targets not scoped to the opener's browsing context | electron | CWE-668 | 6.0 | Medium | 2026-04-07 |
| CVE-2026-34764 | Electron has a use-after-free in offscreen shared texture release() callback | electron | CWE-416 | 2.3 | Low | 2026-04-06 |
| CVE-2026-34780 | Electron: Context Isolation bypass via contextBridge VideoFrame transfer | electron | CWE-668 | 8.4 | High | 2026-04-04 |
| CVE-2026-34779 | Electron: AppleScript injection in app.moveToApplicationsFolder on macOS | electron | CWE-78 | 6.5 | Medium | 2026-04-04 |
| CVE-2026-34778 | Electron: Service worker can spoof executeJavaScript IPC replies | electron | CWE-290 | 5.9 | Medium | 2026-04-03 |
| CVE-2026-34777 | Electron: Incorrect origin passed to permission request handler for iframe requests | electron | CWE-346 | 5.4 | Medium | 2026-04-03 |
| CVE-2026-34776 | Electron: Out-of-bounds read in second-instance IPC on macOS and Linux | electron | CWE-125 | 5.3 | Medium | 2026-04-03 |
| CVE-2026-34775 | Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes | electron | CWE-653 | 6.8 | Medium | 2026-04-03 |
| CVE-2026-34774 | Electron: Use-after-free in offscreen child window paint callback | electron | CWE-416 | 8.1 | High | 2026-04-03 |
| CVE-2026-34773 | Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows | electron | CWE-20 | 4.7 | Medium | 2026-04-03 |
| CVE-2026-34772 | Electron: Use-after-free in download save dialog callback | electron | CWE-416 | 5.8 | Medium | 2026-04-03 |
| CVE-2026-34771 | Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks | electron | CWE-416 | 7.5 | High | 2026-04-03 |
| CVE-2026-34770 | Electron: Use-after-free in PowerMonitor on Windows and macOS | electron | CWE-416 | 7.0 | High | 2026-04-03 |
| CVE-2026-34768 | Electron: Unquoted executable path in app.setLoginItemSettings on Windows | electron | CWE-428 | 3.9 | Low | 2026-04-03 |
| CVE-2026-34767 | Electron: HTTP Response Header Injection in custom protocol handlers and webRequest | electron | CWE-74 | 5.9 | Medium | 2026-04-03 |
| CVE-2026-34766 | Electron: USB device selection not validated against filtered device list | electron | CWE-862 | 3.3 | Low | 2026-04-03 |
| CVE-2026-34769 | Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference | electron | CWE-88 | 7.8 | High | 2026-04-03 |
| CVE-2025-55305 | Electron is vulnerable to Code Injection via resource modification | electron | CWE-94 | 6.1 | Medium | 2025-09-04 |
| CVE-2024-46993 | Electron Vulnerable to Heap Buffer Overflow in NativeImage::CreateFromPath | electron | CWE-122 | 8.0 (AI) | High (AI) | 2025-07-01 |
| CVE-2024-46992 | Electron ASAR Integrity bypass by just modifying the content | electron | CWE-354 | 7.8 | High | 2025-07-01 |
| CVE-2024-29900 | @electron/packager's build process memory potentially leaked into final executable | packager | CWE-402 | 7.5 | High | 2024-03-29 |
| CVE-2023-44402 | ASAR Integrity bypass via filetype confusion in electron | electron | CWE-345 | 6.1 | Medium | 2023-12-01 |
| CVE-2023-23623 | Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron | electron | CWE-670 | 7.5 | High | 2023-09-06 |
| CVE-2023-29198 | Context isolation bypass via nested unserializable return value in Electron | electron | CWE-754 | 6.0 | Medium | 2023-09-06 |
| CVE-2023-39956 | Electron: Out-of-package code execution when launched with arbitrary cwd | electron | CWE-94 | 6.1 | Medium | 2023-09-06 |
| CVE-2022-36077 | Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect | electron | CWE-522 | 7.2 | High | 2022-11-08 |
| CVE-2022-29257 | Electron's AutoUpdater module fails to validate certain nested components of the bundle | electron | CWE-20 | 6.6 | Medium | 2022-06-13 |
| CVE-2022-29247 | Exposure of Resource to Wrong Sphere in Electron | electron | CWE-668 | 2.2 | Low | 2022-06-13 |
| CVE-2022-21718 | Renderers can obtain access to random bluetooth device without permission in Electron | electron | CWE-668 | 3.4 | Low | 2022-03-22 |

This page lists every published CVE security advisory associated with electron. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.