Home/Product/electronjs electron
Product

electronjs electron

44 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34781
<= 39.8.4
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 4
2.8LOW
 CVE-2026-34765
<= 39.8.4
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 4
6.0MEDIUM
 CVE-2026-34764
>= 33.0.0 and < 39.8.5
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to bef
2.3LOW
 CVE-2026-34780
>= 39.0.0 and < 39.8.0
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha
8.3HIGH
 CVE-2026-34779
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
6.5MEDIUM
 CVE-2026-34778
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
5.9MEDIUM
 CVE-2026-34777
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
5.4MEDIUM
 CVE-2026-34776
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
5.3MEDIUM
 CVE-2026-34775
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
6.8MEDIUM
 CVE-2026-34774
< 39.8.1
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1,
8.1HIGH
 CVE-2026-34773
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
4.7MEDIUM
 CVE-2026-34772
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
5.8MEDIUM
 CVE-2026-34771
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
7.5HIGH
 CVE-2026-34770
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
7.0HIGH
 CVE-2026-34769
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
7.7HIGH
 CVE-2026-34768
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
3.9LOW
 CVE-2026-34767
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
5.9MEDIUM
 CVE-2026-34766
< 38.8.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6,
3.3LOW
 CVE-2024-39698
< 6.3.0
electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSign
7.5HIGH
 CVE-2024-27303
< 24.13.2
electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Li
7.3HIGH
 CVE-2023-44402
<= 22.3.24
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only imp
6.1MEDIUM
 CVE-2023-39956
< 22.3.9
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps tha
6.1MEDIUM
 CVE-2023-29198
< 22.3.6
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps usi
6.0MEDIUM
 CVE-2023-23623
all versions
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Securit
7.5HIGH
 CVE-2022-36077
< 18.3.7
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21
7.2HIGH
 CVE-2022-29257
< 15.5.0
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in v
6.6MEDIUM
 CVE-2022-29247
< 15.5.5
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in v
2.2LOW
 CVE-2022-21718
< 13.6.6
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in version
3.4LOW
 CVE-2021-39184
>= 10.1.0 and < 11.5.0
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in version
6.8MEDIUM
 CVE-2020-26272
>= 9.0.0 and < 9.4.0
The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electro
5.4MEDIUM
 CVE-2020-15215
all versions
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `conte
5.6MEDIUM
 CVE-2020-15174
>= 8.0.0 and < 8.5.1
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the will-navigate event that apps use to prevent navigations t
7.5HIGH
 CVE-2020-4077
>= 7.0.0 and < 7.2.4
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world co
7.7HIGH
 CVE-2020-4076
>= 7.0.0 and < 7.2.4
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world co
7.8HIGH
 CVE-2020-4075
>= 7.0.0 and < 7.2.4
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window option
6.8MEDIUM
 CVE-2020-15096
< 6.1.1
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running
6.8MEDIUM
 CVE-2018-15685
all versions
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true
8.1HIGH
 CVE-2017-16151
< 1.7.8
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that
9.8CRITICAL
 CVE-2018-1000136
>= 1.7.0 and <= 1.7.12
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerabil
8.1HIGH
 CVE-2018-1000118
<= 1.8.1
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can
8.8HIGH
 CVE-2018-1000006
<= 1.7.10
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol hand
8.8HIGH
 CVE-2017-1000424
>= 1.6.4 and <= 1.6.11
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resul
4.3MEDIUM
 CVE-2017-12581
<= 1.6.7
GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects
8.1HIGH
 CVE-2016-1202
<= 0.33.4
Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.j
7.8HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin