CVE-2023-5217 high —
9.5
3y ago
Important: firefox security update
rockylinux redhat almalinux debian +2
CVE-2023-4863 high —
9.5
3y ago
Important: firefox security update
redhat debian rockylinux suse +5
CVE-2017-12581 high 8.1
8.1
9y ago
Electron vulnerable to remote command execution
npm
CVE-2023-5129 high —
8.0
3y ago
libwebp: OOB write in BuildHuffmanTable
redhat rockylinux suse rust +4
CVE-2016-1202 high 7.8
7.8
10y ago
High severity vulnerability that affects electron
npm
CVE-2026-34764 medium 5.5
5.5
2mo ago
Electron: Use-after-free in offscreen shared texture release() callback
npm
CVE-2020-26272 medium —
5.5
5y ago
IPC messages delivered to the wrong frame in Electron
arch npm
CVE-2022-4135 unknown —
1.5
4y ago
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML p…
debian npm
CVE-2026-34781 unknown —
—
2mo ago
Electron: Crash in clipboard.readImage() on malformed clipboard image data
npm
CVE-2026-34765 unknown —
—
2mo ago
Electron: Named window.open targets not scoped to the opener's browsing context
npm
CVE-2026-34780 unknown —
—
2mo ago
Electron: Context Isolation bypass via contextBridge VideoFrame transfer
npm
CVE-2026-34779 unknown —
—
2mo ago
Electron: AppleScript injection in app.moveToApplicationsFolder on macOS
npm
CVE-2026-34778 unknown —
—
2mo ago
Electron: Service worker can spoof executeJavaScript IPC replies
npm
CVE-2026-34777 unknown —
—
2mo ago
Electron: Incorrect origin passed to permission request handler for iframe requests
npm
CVE-2026-34776 unknown —
—
2mo ago
Electron: Out-of-bounds read in second-instance IPC on macOS and Linux
npm
CVE-2026-34775 unknown —
—
2mo ago
Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes
npm
CVE-2026-34774 unknown —
—
2mo ago
Electron: Use-after-free in offscreen child window paint callback
npm
CVE-2026-34773 unknown —
—
2mo ago
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
npm
CVE-2026-34772 unknown —
—
2mo ago
Electron: Use-after-free in download save dialog callback
npm
CVE-2026-34771 unknown —
—
2mo ago
Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks
npm
CVE-2026-34770 unknown —
—
2mo ago
Electron: Use-after-free in PowerMonitor on Windows and macOS
npm
CVE-2026-34769 unknown —
—
2mo ago
Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference
npm
CVE-2026-34768 unknown —
—
2mo ago
Electron: Unquoted executable path in app.setLoginItemSettings on Windows
npm
CVE-2026-34767 unknown —
—
2mo ago
Electron: HTTP Response Header Injection in custom protocol handlers and webRequest
npm
CVE-2026-34766 unknown —
—
2mo ago
Electron: USB device selection not validated against filtered device list
npm
CVE-2025-55305 unknown —
—
9mo ago
Electron has ASAR Integrity Bypass via resource modification
npm
CVE-2024-46993 unknown —
—
11mo ago
Electron vulnerable to Heap Buffer Overflow in NativeImage
suse npm
CVE-2024-46992 unknown —
—
11mo ago
electron ASAR Integrity bypass by just modifying the content
npm
CVE-2023-44402 unknown —
—
3y ago
ASAR Integrity bypass via filetype confusion in electron
npm
CVE-2023-39956 unknown —
—
3y ago
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
npm
CVE-2023-29198 unknown —
—
3y ago
Electron context isolation bypass via nested unserializable return value
npm
CVE-2023-23623 unknown —
—
3y ago
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
npm
CVE-2022-36077 unknown —
—
4y ago
Exfiltration of hashed SMB credentials on Windows via file:// redirect
npm
CVE-2022-29257 unknown —
—
4y ago
AutoUpdater module fails to validate certain nested components of the bundle
npm
CVE-2022-29247 unknown —
—
4y ago
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
npm
CVE-2017-1000424 unknown —
—
4y ago
Electron vulnerable to URL spoofing via PDFium
npm
CVE-2022-21718 unknown —
—
4y ago
Renderers can obtain access to random bluetooth device without permission in Electron
npm
CVE-2021-39184 unknown —
—
5y ago
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
npm
CVE-2020-15215 unknown —
—
6y ago
Context isolation bypass in Electron
npm
CVE-2020-15174 unknown —
—
6y ago
Unpreventable top-level navigation
npm
CVE-2020-4075 unknown —
—
6y ago
Arbitrary file read via window-open IPC in Electron
npm
CVE-2020-4077 unknown —
—
6y ago
Context isolation bypass via contextBridge in Electron
npm
CVE-2020-4076 unknown —
—
6y ago
Context isolation bypass via leaked cross-context objects in Electron
npm
CVE-2020-15096 unknown —
—
6y ago
Context isolation bypass via Promise in Electron
npm
CVE-2018-15685 unknown —
—
8y ago
Electron webPreferences vulnerability can be used to perform remote code execution
npm
CVE-2017-16151 unknown —
—
8y ago
Chromium Remote Code Execution in electron
npm
CVE-2018-1000118 unknown —
—
8y ago
Electron protocol handler browser vulnerable to Command Injection
npm
CVE-2018-1000136 unknown —
—
8y ago
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
npm
CVE-2018-1000006 unknown —
—
9y ago
Remote Code Execution in electron
npm