electron — Vulnerabilities & Security Advisories 38

Browse all 38 CVE security advisories affecting electron. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Electron is an open-source framework enabling developers to build cross-platform desktop applications using web technologies like HTML, CSS, and JavaScript. By embedding the Chromium engine and Node.js runtime, it allows web code to interact directly with the operating system, creating a significant attack surface. Historically, vulnerabilities within this architecture frequently lead to Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from improper handling of IPC channels or insecure default configurations. With 38 recorded CVEs, the framework has faced scrutiny regarding privilege escalation risks when applications fail to properly sandbox web content. While not inherently malicious, the complexity of integrating web and native APIs has resulted in notable security incidents where attackers exploited these interfaces to gain unauthorized system access. Developers must rigorously enforce security policies to mitigate these inherent risks associated with the hybrid nature of Electron-based software.

Found 37 results / 38
Top products by electron: electron packager
Critical · 2026-05-08
Unvalidated shell.openExternal in electerm allows arbitrary protocol execution via terminal link click · Advisory · elec
Medium · 2026-04-08
Crash in clipboard.readImage() on malformed clipboard image data · Advisory · electron/electron · GitHub
High · 2026-04-04
Context Isolation bypass via contextBridge VideoFrame transfer · Advisory · electron/electron · GitHub
Medium · CVE-2023-38778 · 2026-04-04
Service worker can spoof executeJavaScript IPC replies · Advisory · electron/electron · GitHub
High · CVE-2020-34777 · 2026-04-04
Incorrect origin passed to permission request handler for iframe requests · Advisory · electron/electron · GitHub
Medium · CVE-2024-34773 · 2026-04-04
Registry key path injection in app.setAsDefaultProtocolClient on Windows · Advisory · electron/electron · GitHub
Medium · 2026-04-04
AppleScript injection in app.moveToApplicationsFolder on macOS · Advisory · electron/electron · GitHub
Critical · CVE-2024-4477L · 2026-04-04
Out-of-bounds read in second-instance IPC on macOS and Linux · Advisory · electron/electron · GitHub
Medium · CVE-2024-34775 · 2026-04-04
nodeIntegrationInWorker not correctly scoped in shared renderer processes · Advisory · electron/electron · GitHub
High · 2026-04-04
Use-after-free in offscreen child window paint callback · Advisory · electron/electron · GitHub
High · 2026-04-04
HTTP Response Header Injection in custom protocol handlers and webRequest · Advisory · electron/electron · GitHub
Low · CVE-2023-34766 · 2026-04-04
Unquoted executable path in app.setLoginItemSettings on Windows · Advisory · electron/electron · GitHub
Critical · CVE-2021-34712 · 2026-04-04
Use-after-free in download save dialog callback · Advisory · electron/electron · GitHub
Low · CVE-2024-34766 · 2026-04-04
USB device selection not validated against filtered device list · Advisory · electron/electron · GitHub
High · 2026-04-04
Renderer command-line switch injection via undocumented commandLineSwitches webPreference · Advisory · electron/electron
High · 2026-04-04
Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks · Advisory · electron/ele

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with electron. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.