| CVE-2023-5217 |
high |
— |
9.5 |
|
|
|
3y ago |
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability c… |
| CVE-2023-4863 |
high |
— |
9.5 |
|
|
|
3y ago |
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect … |
| CVE-2026-34769 |
high |
8.8 |
8.8 |
|
|
|
2mo ago |
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitche… |
| CVE-2017-12581 |
high |
8.1 |
8.1 |
|
|
|
9y ago |
Electron vulnerable to remote command execution |
| CVE-2023-5129 |
high |
— |
8.0 |
|
|
|
3y ago |
RHSA-2023:5309: libwebp security update (Important) |
| CVE-2016-1202 |
high |
7.8 |
7.8 |
|
|
|
10y ago |
High severity vulnerability that affects electron |
| CVE-2026-34764 |
medium |
5.5 |
5.5 |
|
|
|
2mo ago |
Electron: Use-after-free in offscreen shared texture release() callback |
| CVE-2020-26272 |
medium |
— |
5.5 |
|
|
|
5y ago |
IPC messages delivered to the wrong frame in Electron |
| CVE-2022-4135 |
unknown |
— |
1.5 |
|
|
|
4y ago |
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML p… |
| CVE-2018-15685 |
unknown |
— |
1.0 |
|
|
|
8y ago |
Electron webPreferences vulnerability can be used to perform remote code execution |
| CVE-2018-1000006 |
unknown |
— |
1.0 |
|
|
|
9y ago |
Remote Code Execution in electron |
| CVE-2026-34781 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Crash in clipboard.readImage() on malformed clipboard image data |
| CVE-2026-34765 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Named window.open targets not scoped to the opener's browsing context |
| CVE-2026-34780 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Context Isolation bypass via contextBridge VideoFrame transfer |
| CVE-2026-34779 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: AppleScript injection in app.moveToApplicationsFolder on macOS |
| CVE-2026-34778 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Service worker can spoof executeJavaScript IPC replies |
| CVE-2026-34777 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Incorrect origin passed to permission request handler for iframe requests |
| CVE-2026-34776 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Out-of-bounds read in second-instance IPC on macOS and Linux |
| CVE-2026-34775 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes |
| CVE-2026-34774 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Use-after-free in offscreen child window paint callback |
| CVE-2026-34773 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows |
| CVE-2026-34772 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Use-after-free in download save dialog callback |
| CVE-2026-34771 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks |
| CVE-2026-34770 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Use-after-free in PowerMonitor on Windows and macOS |
| CVE-2026-34768 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: Unquoted executable path in app.setLoginItemSettings on Windows |
| CVE-2026-34767 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: HTTP Response Header Injection in custom protocol handlers and webRequest |
| CVE-2026-34766 |
unknown |
— |
— |
|
|
|
2mo ago |
Electron: USB device selection not validated against filtered device list |
| CVE-2025-55305 |
unknown |
— |
— |
|
|
|
9mo ago |
Electron has ASAR Integrity Bypass via resource modification |
| CVE-2024-46993 |
unknown |
— |
— |
|
|
|
11mo ago |
Electron vulnerable to Heap Buffer Overflow in NativeImage |
| CVE-2024-46992 |
unknown |
— |
— |
|
|
|
11mo ago |
electron ASAR Integrity bypass by just modifying the content |
| CVE-2023-44402 |
unknown |
— |
— |
|
|
|
3y ago |
ASAR Integrity bypass via filetype confusion in electron |
| CVE-2023-39956 |
unknown |
— |
— |
|
|
|
3y ago |
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd |
| CVE-2023-29198 |
unknown |
— |
— |
|
|
|
3y ago |
Electron context isolation bypass via nested unserializable return value |
| CVE-2023-23623 |
unknown |
— |
— |
|
|
|
3y ago |
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled |
| CVE-2022-36077 |
unknown |
— |
— |
|
|
|
4y ago |
Exfiltration of hashed SMB credentials on Windows via file:// redirect |
| CVE-2022-29257 |
unknown |
— |
— |
|
|
|
4y ago |
AutoUpdater module fails to validate certain nested components of the bundle |
| CVE-2022-29247 |
unknown |
— |
— |
|
|
|
4y ago |
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled |
| CVE-2017-1000424 |
unknown |
— |
— |
|
|
|
4y ago |
Electron vulnerable to URL spoofing via PDFium |
| CVE-2022-21718 |
unknown |
— |
— |
|
|
|
4y ago |
Renderers can obtain access to random bluetooth device without permission in Electron |
| CVE-2021-39184 |
unknown |
— |
— |
|
|
|
5y ago |
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API |
| CVE-2020-15215 |
unknown |
— |
— |
|
|
|
6y ago |
Context isolation bypass in Electron |
| CVE-2020-15174 |
unknown |
— |
— |
|
|
|
6y ago |
Unpreventable top-level navigation |
| CVE-2020-4075 |
unknown |
— |
— |
|
|
|
6y ago |
Arbitrary file read via window-open IPC in Electron |
| CVE-2020-4077 |
unknown |
— |
— |
|
|
|
6y ago |
Context isolation bypass via contextBridge in Electron |
| CVE-2020-4076 |
unknown |
— |
— |
|
|
|
6y ago |
Context isolation bypass via leaked cross-context objects in Electron |
| CVE-2020-15096 |
unknown |
— |
— |
|
|
|
6y ago |
Context isolation bypass via Promise in Electron |
| CVE-2017-16151 |
unknown |
— |
— |
|
|
|
8y ago |
Chromium Remote Code Execution in electron |
| CVE-2018-1000118 |
unknown |
— |
— |
|
|
|
8y ago |
Electron protocol handler browser vulnerable to Command Injection |
| CVE-2018-1000136 |
unknown |
— |
— |
|
|
|
8y ago |
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration |
