Skip to main content

Electron

21 CVEs product

Monthly

CVE-2023-44402 npm HIGH PATCH This Week

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Apple Electron
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-39956 npm MEDIUM PATCH This Month

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Google Electron
NVD GitHub
CVSS 3.1
6.6
EPSS
0.6%
CVE-2023-29198 npm HIGH PATCH This Week

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
8.5
EPSS
0.5%
CVE-2023-23623 npm CRITICAL PATCH Act Now

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36077 npm MEDIUM PATCH This Month

The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Electron
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-29257 npm HIGH PATCH This Week

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29247 npm CRITICAL PATCH Act Now

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Electron
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-21718 npm MEDIUM PATCH This Month

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
5.0
EPSS
0.9%
CVE-2021-39184 npm HIGH PATCH This Week

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
8.6
EPSS
1.0%
CVE-2020-15215 npm MEDIUM PATCH This Month

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
5.6
EPSS
0.7%
CVE-2020-15174 npm HIGH PATCH This Week

In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-4077 npm CRITICAL PATCH Act Now

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
9.9
EPSS
1.0%
CVE-2020-4076 npm CRITICAL PATCH Act Now

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%
CVE-2020-4075 npm HIGH PATCH This Week

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Electron
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-15096 npm MEDIUM PATCH This Month

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2018-15685 npm HIGH POC PATCH THREAT This Week

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Electron
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
10.4%
CVE-2018-1000136 npm HIGH POC PATCH This Week

Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Electron
NVD
CVSS 3.0
8.1
EPSS
5.3%
CVE-2018-1000118 npm HIGH PATCH This Week

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Electron
NVD GitHub
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-1000006 npm HIGH POC PATCH THREAT Act Now

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Command Injection Electron
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
84.4%
CVE-2017-12581 npm HIGH POC PATCH This Week

GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js Google Command Injection Electron Chrome
NVD
CVSS 3.0
8.1
EPSS
2.3%
CVE-2016-1202 npm HIGH PATCH This Week

Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Node.js Electron
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Apple Electron
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Google +1
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Electron
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Electron
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Electron
NVD GitHub
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
EPSS 1% CVSS 5.6
MEDIUM PATCH This Month

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Electron
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Electron
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Electron
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Electron
NVD GitHub
EPSS 10% CVSS 8.1
HIGH POC PATCH THREAT This Week

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Electron
NVD Exploit-DB
EPSS 5% CVSS 8.1
HIGH POC PATCH This Week

Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Electron
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Electron
NVD GitHub
EPSS 84% CVSS 8.8
HIGH POC PATCH THREAT Act Now

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Command Injection Electron
NVD GitHub Exploit-DB
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js Google Command Injection +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Node.js Electron
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy