Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
electronjs electron vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2020-26272
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the...
Electronjs Electron
Electronjs Electron 9.0.0
Electronjs Electron 10.0.0
Electronjs Electron 11.0.0
Electronjs Electron 12.0.0
5.8
CVSSv2
CVE-2020-15174
In Electron prior to 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is pat...
Electronjs Electron
6.8
CVSSv2
CVE-2020-15215
Electron prior to 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isol...
Electronjs Electron 8.0.0
Electronjs Electron 8.0.1
Electronjs Electron 8.0.2
Electronjs Electron 8.0.3
Electronjs Electron 8.1.0
Electronjs Electron 8.1.1
Electronjs Electron 8.2.0
Electronjs Electron 8.2.1
Electronjs Electron 8.2.2
Electronjs Electron 8.2.3
Electronjs Electron 8.2.4
Electronjs Electron 8.2.5
Electronjs Electron 8.3.0
Electronjs Electron 8.3.1
Electronjs Electron 8.3.2
Electronjs Electron 8.3.3
Electronjs Electron 8.3.4
Electronjs Electron 8.4.0
Electronjs Electron 8.4.1
Electronjs Electron 8.5.0
Electronjs Electron 8.5.1
Electronjs Electron 9.0.0
4
CVSSv2
CVE-2020-15096
In Electron prior to 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation"...
Electronjs Electron
Electronjs Electron 9.0.0
2.1
CVSSv2
CVE-2020-4075
In Electron prior to 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `opt...
Electronjs Electron
Electronjs Electron 9.0.0
3.6
CVSSv2
CVE-2020-4076
In Electron prior to 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in...
Electronjs Electron
Electronjs Electron 9.0.0
6.5
CVSSv2
CVE-2020-4077
In Electron prior to 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are...
Electronjs Electron
Electronjs Electron 9.0.0
6.8
CVSSv2
CVE-2018-15685
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...
Electronjs Electron 3.0.0
Electronjs Electron 2.0.7
Electronjs Electron 1.8.7
Electronjs Electron 1.7.15
1 EDB exploit
7.5
CVSSv2
CVE-2017-16151
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandb...
Electronjs Electron
6.8
CVSSv2
CVE-2018-1000136
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND...
Electronjs Electron 2.0.0
Electronjs Electron
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »