Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
electronjs electron vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2020-4077
In Electron prior to 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are...
Electronjs Electron
Electronjs Electron 9.0.0
9.8
CVSSv3
CVE-2023-23623
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in re...
Electronjs Electron 23.0.0
Electronjs Electron 22.0.0
9.8
CVSSv3
CVE-2022-29247
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions before 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeInte...
Electronjs Electron 18.0.0
Electronjs Electron 17.0.0
Electronjs Electron
Electronjs Electron 16.0.0
9.8
CVSSv3
CVE-2017-16151
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandb...
Electronjs Electron
9
CVSSv3
CVE-2020-4076
In Electron prior to 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in...
Electronjs Electron
Electronjs Electron 9.0.0
8.8
CVSSv3
CVE-2021-32772
Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the...
Electronjs Poddycast 0.8.0
8.8
CVSSv3
CVE-2018-1000118
Github Electron version Electron 1.8.2-beta.4 and previous versions contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This v...
Electronjs Electron 1.8.2
Electronjs Electron
1 Github repository
8.8
CVSSv3
CVE-2018-1000006
GitHub Electron versions 1.8.2-beta.3 and previous versions, 1.7.10 and previous versions, 1.6.15 and previous versions has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked i...
Atom Electron 1.8.2
Atom Electron
2 EDB exploits
2 Github repositories
2 Articles
8.6
CVSSv3
CVE-2021-39184
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions before 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's syste...
Electronjs Electron 15.0.0
Electronjs Electron 14.0.0
Electronjs Electron
8.5
CVSSv3
CVE-2023-29198
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the...
Electronjs Electron
Electronjs Electron 25.0.0
Electronjs Electron 24.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »