HIGH 7.5 npm
GHSA-2q4g-w47c-4674 · CVE-2020-15174 Unpreventable top-level navigation
Modified: 3/13/2026
package
npm / electron
pkg:npm/electron
MEDIUM 5.3 npm
GHSA-3c8v-cfp5-9885 · CVE-2026-34776 Electron: Out-of-bounds read in second-instance IPC on macOS and Linux
Modified: 4/6/2026
LOW 3.4 npm
GHSA-3p22-ghq8-v749 · CVE-2022-21718 Renderers can obtain access to random bluetooth device without permission in Electron
Modified: 11/8/2023
MEDIUM 5.9 npm
GHSA-4p4r-m79c-wq3v · CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest
Modified: 4/6/2026
CRITICAL 9.8 npm
GHSA-4w88-rjj3-x7wp · CVE-2017-16151 Chromium Remote Code Execution in electron
Modified: 11/8/2023
HIGH 8.1 npm
GHSA-532v-xpq5-8h95 · CVE-2026-34774 Electron: Use-after-free in offscreen child window paint callback
Modified: 4/6/2026
MEDIUM 5.6 npm
GHSA-56pc-6jqp-xqj8 · CVE-2020-15215 Context isolation bypass in Electron
Modified: 3/13/2026
MEDIUM 6.5 npm
GHSA-5rqw-r77c-jp79 · CVE-2026-34779 Electron: AppleScript injection in app.moveToApplicationsFolder on macOS
Modified: 4/6/2026
MEDIUM 4.3 npm
GHSA-6h98-cf9g-vmg2 · CVE-2017-1000424 Electron vulnerable to URL spoofing via PDFium
Modified: 11/8/2023
MEDIUM npm
GHSA-6r2x-8pq8-9489 · CVE-2024-46993 Electron vulnerable to Heap Buffer Overflow in NativeImage
Modified: 7/1/2025
MEDIUM 6.8 npm
GHSA-6vrv-94jv-crrg · CVE-2020-15096 Context isolation bypass via Promise in Electron
Modified: 3/13/2026
MEDIUM 6.6 npm
GHSA-77xc-hjv8-ww97 · CVE-2022-29257 AutoUpdater module fails to validate certain nested components of the bundle
Modified: 11/8/2023
HIGH 8.1 npm
GHSA-7fv9-m79r-j9x8 · CVE-2017-12581 Electron vulnerable to remote command execution
Modified: 11/8/2023
MEDIUM 6.1 npm
GHSA-7m48-wc93-9g85 · CVE-2023-44402 ASAR Integrity bypass via filetype confusion in electron
Modified: 9/18/2024
MEDIUM 6.1 npm
GHSA-7x97-j373-85x5 · CVE-2023-39956 Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Modified: 11/8/2023
HIGH 7.5 npm
GHSA-8337-3p73-46f4 · CVE-2026-34771 Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks
Modified: 4/6/2026
LOW 2.3 npm
GHSA-8x5q-pvf5-64mp · CVE-2026-34764 Electron: Use-after-free in offscreen shared texture release() callback
Modified: 4/6/2026
HIGH 8.1 npm
GHSA-8xwg-wv7v-4vqp · CVE-2018-1000136 Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Modified: 11/8/2023
LOW 3.3 npm
GHSA-9899-m83m-qhpj · CVE-2026-34766 Electron: USB device selection not validated against filtered device list
Modified: 4/6/2026
CRITICAL 9.6 npm
GHSA-995f-9x5r-2rcj · CVE-2022-4135 Heap buffer overflow in GPU
Modified: 11/8/2023
MEDIUM 5.8 npm
GHSA-9w97-2464-8783 · CVE-2026-34772 Electron: Use-after-free in download save dialog callback
Modified: 4/6/2026
HIGH 7.7 npm
GHSA-9wfr-w7mm-pc7f · CVE-2026-34769 Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference
Modified: 4/6/2026
LOW 2.8 npm
GHSA-f37v-82c4-4x64 · CVE-2026-34781 Electron: Crash in clipboard.readImage() on malformed clipboard image data
Modified: 4/8/2026
MEDIUM 6.0 npm
GHSA-f3pv-wv63-48x8 · CVE-2026-34765 Electron: Named window.open targets not scoped to the opener's browsing context
Modified: 4/8/2026
MEDIUM 6.8 npm
GHSA-f9mq-jph6-9mhm · CVE-2020-4075 Arbitrary file read via window-open IPC in Electron
Modified: 3/13/2026
HIGH 8.8 npm
GHSA-fjqr-fx3f-g4rv · CVE-2018-1000118 Electron protocol handler browser vulnerable to Command Injection
Modified: 11/8/2023
HIGH 8.8 crates.io npm NuGet Go
GHSA-j7hp-h8jx-5ppr · A-299477569, ASB-A-299477569 libwebp: OOB write in BuildHuffmanTable
Modified: 2/4/2026
HIGH 7.8 npm
GHSA-gvcj-pfq2-wxj7 · CVE-2016-1202 High severity vulnerability that affects electron
Modified: 11/8/2023
HIGH 7.5 npm
GHSA-gxh7-wv9q-fwfr · CVE-2023-23623 Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
Modified: 11/8/2023
HIGH 7.7 npm
GHSA-h9jc-284h-533g · CVE-2020-4077 Context isolation bypass via contextBridge in Electron
Modified: 3/13/2026
HIGH 8.1 npm
GHSA-hv9c-qwqg-qj3v · CVE-2018-15685 Electron webPreferences vulnerability can be used to perform remote code execution
Modified: 11/8/2023
MEDIUM 5.4 npm
GHSA-hvf8-h2qh-37m9 · CVE-2020-26272 IPC messages delivered to the wrong frame in Electron
Modified: 3/13/2026
HIGH 8.3 npm
GHSA-jfqg-hf23-qpw2 · CVE-2026-34780 Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Modified: 4/6/2026
LOW 3.9 npm
GHSA-jfqx-fxh3-c62j · CVE-2026-34768 Electron: Unquoted executable path in app.setLoginItemSettings on Windows
Modified: 4/6/2026
HIGH 7.0 npm
GHSA-jjp3-mq3x-295m · CVE-2026-34770 Electron: Use-after-free in PowerMonitor on Windows and macOS
Modified: 4/6/2026
HIGH 7.8 npm
GHSA-m93v-9qjc-3g79 · CVE-2020-4076 Context isolation bypass via leaked cross-context objects in Electron
Modified: 3/13/2026
MEDIUM 6.8 npm
GHSA-mpjm-v997-c4h4 · CVE-2021-39184 Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Modified: 3/13/2026
LOW 2.2 npm
GHSA-mq8j-3h7h-p8g7 · CVE-2022-29247 Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Modified: 11/8/2023
MEDIUM 4.7 npm
GHSA-mwmh-mq4g-g6gr · CVE-2026-34773 Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
Modified: 4/6/2026
MEDIUM 5.4 npm
GHSA-p2jh-44qj-pf2v · CVE-2022-36077 Exfiltration of hashed SMB credentials on Windows via file:// redirect
Modified: 11/8/2023
MEDIUM 6.0 npm
GHSA-p7v2-p9m8-qqg7 · CVE-2023-29198 Electron context isolation bypass via nested unserializable return value
Modified: 11/8/2023
CRITICAL npm
GHSA-q6m5-f73j-m9mc · CVE-2026-54257 Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow
Modified: 6/15/2026
HIGH 8.8 npm
GHSA-qqvq-6xgj-jw8g · CVE-2023-5217 Electron affected by libvpx's heap buffer overflow in vp8 encoding
Modified: 2/15/2024
MEDIUM 5.4 npm
GHSA-r5p7-gp4j-qhrx · CVE-2026-34777 Electron: Incorrect origin passed to permission request handler for iframe requests
Modified: 4/6/2026
MEDIUM 6.1 npm
GHSA-vmqv-hx8q-j7mg · CVE-2025-55305 Electron has ASAR Integrity Bypass via resource modification
Modified: 9/5/2025
HIGH 8.8 npm
GHSA-w222-53c6-c86p · CVE-2018-1000006 Remote Code Execution in electron
Modified: 11/8/2023
MEDIUM 5.9 npm
GHSA-xj5x-m3f3-5x3h · CVE-2026-34778 Electron: Service worker can spoof executeJavaScript IPC replies
Modified: 4/6/2026
HIGH 7.8 npm
GHSA-xw5q-g62x-2qjc · CVE-2024-46992 electron ASAR Integrity bypass by just modifying the content
Modified: 7/1/2025
MEDIUM 6.8 npm
GHSA-xwr5-m59h-vwqr · CVE-2026-34775 Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes
Modified: 4/6/2026