Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-jfqg-hf23-qpw2
  • npm/electron
 Electron: Context Isolation bypass via contextBridge VideoFrame transfer 6 hours ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-5rqw-r77c-jp79
  • npm/electron
 Electron: AppleScript injection in app.moveToApplicationsFolder on macOS 6 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-xj5x-m3f3-5x3h
  • npm/electron
 Electron: Service worker can spoof executeJavaScript IPC replies 6 hours ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-r5p7-gp4j-qhrx
  • npm/electron
 Electron: Incorrect origin passed to permission request handler for iframe requests 6 hours ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-3c8v-cfp5-9885
  • npm/electron
 Electron: Out-of-bounds read in second-instance IPC on macOS and Linux 6 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-xwr5-m59h-vwqr
  • npm/electron
 Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes 6 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-532v-xpq5-8h95
  • npm/electron
 Electron: Use-after-free in offscreen child window paint callback 6 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-mwmh-mq4g-g6gr
  • npm/electron
 Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows 6 hours ago
  • Fix available
  • Severity - 4.7 (Medium)
GHSA-9w97-2464-8783
  • npm/electron
 Electron: Use-after-free in download save dialog callback 6 hours ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-8337-3p73-46f4
  • npm/electron
 Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks 6 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-jjp3-mq3x-295m
  • npm/electron
 Electron: Use-after-free in PowerMonitor on Windows and macOS 6 hours ago
  • Fix available
  • Severity - 7.0 (High)
GHSA-9wfr-w7mm-pc7f
  • npm/electron
 Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference 6 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-jfqx-fxh3-c62j
  • npm/electron
 Electron: Unquoted executable path in app.setLoginItemSettings on Windows 6 hours ago
  • Fix available
  • Severity - 3.9 (Low)
GHSA-4p4r-m79c-wq3v
  • npm/electron
 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest 6 hours ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-9899-m83m-qhpj
  • npm/electron
 Electron: USB device selection not validated against filtered device list 6 hours ago
  • Fix available
  • Severity - 3.3 (Low)
MAL-2026-2243
  • npm/browserstack-electron-forge-include-package-plugin
 Malicious code in browserstack-electron-forge-include-package-plugin (npm) 26 Mar
  • No fix available
Load more...