Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

electron

Build cross platform desktop apps with JavaScript, HTML, and CSS
Collective - Host: opensource - https://opencollective.com/electron - Website: https://electronjs.org - Code: https://github.com/electron

High
packager: GSA_kwCzR0hTQS0zNGgzLThtdzQtcXc1N84AA6d1
@electron/packager's build process memory potentially leaked into final executable
Ecosystems: npm
Packages: @electron/packager
Source: github
Published: 9 months ago
Moderate
electron: GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electron
Ecosystems: npm
Packages: electron
Source: github
Published: about 1 year ago
High
electron: GSA_kwCzR0hTQS1xcXZxLTZ4Z2otanc4Z84AA2IC
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Ecosystems: npm
Packages: electron
Source: github
Published: about 1 year ago
Moderate
electron: GSA_kwCzR0hTQS03eDk3LWozNzMtODV4Nc4AA1vg
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Ecosystems: npm
Packages: electron
Source: github
Published: over 1 year ago
Moderate
electron: GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf
Electron context isolation bypass via nested unserializable return value
Ecosystems: npm
Packages: electron
Source: github
Published: over 1 year ago
High
electron: GSA_kwCzR0hTQS1neGg3LXd2OXEtZndmcs4AA1vc
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
Ecosystems: npm
Packages: electron
Source: github
Published: over 1 year ago
Critical
electron: GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ
Heap buffer overflow in GPU
Ecosystems: npm
Packages: electron
Source: github
Published: about 2 years ago
Moderate
electron: GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Ecosystems: npm
Packages: electron
Source: github
Published: about 2 years ago
Moderate
electron: GSA_kwCzR0hTQS03N3hjLWhqdjgtd3c5N84AArqt
AutoUpdater module fails to validate certain nested components of the bundle
Ecosystems: npm
Packages: electron
Source: github
Published: over 2 years ago
Low
electron: GSA_kwCzR0hTQS1tcThqLTNoN2gtcDhnN84AArqs
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Ecosystems: npm
Packages: electron
Source: github
Published: over 2 years ago
High
electron: GSA_kwCzR0hTQS03ZnY5LW03OXItajl4OM4AAa1R
Electron vulnerable to remote command execution
Ecosystems: npm
Packages: electron
Source: github
Published: over 2 years ago
Moderate
electron: GSA_kwCzR0hTQS02aDk4LWNmOWctdm1nMs4AAR20
Electron vulnerable to URL spoofing via PDFium
Ecosystems: npm
Packages: Electron
Source: github
Published: over 2 years ago
Low
electron: GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew
Renderers can obtain access to random bluetooth device without permission in Electron
Ecosystems: npm
Packages: electron
Source: github
Published: almost 3 years ago
Moderate
electron: GSA_kwCzR0hTQS1tcGptLXY5OTctYzRoNM0WiQ
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Ecosystems: npm
Packages: electron
Source: github
Published: about 3 years ago
Moderate
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205
IPC messages delivered to the wrong frame in Electron
Ecosystems: npm
Packages: electron
Source: github
Published: almost 4 years ago
Low
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4
Context isolation bypass in Electron
Ecosystems: npm
Packages: electron
Source: github
Published: about 4 years ago
High
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNGctdzQ3Yy00Njc0
Unpreventable top-level navigation
Ecosystems: npm
Packages: electron
Source: github
Published: about 4 years ago
Moderate
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5bXEtanBoNi05bWht
Arbitrary file read via window-open IPC in Electron
Ecosystems: npm
Packages: electron
Source: github
Published: over 4 years ago
High
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5amMtMjg0aC01MzNn
Context isolation bypass via contextBridge in Electron
Ecosystems: npm
Packages: electron
Source: github
Published: over 4 years ago
High
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05M3YtOXFqYy0zZzc5
Context isolation bypass via leaked cross-context objects in Electron
Ecosystems: npm
Packages: electron
Source: github
Published: over 4 years ago
Low
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2cnYtOTRqdi1jcnJn
Context isolation bypass via Promise in Electron
Ecosystems: npm
Packages: electron
Source: github
Published: over 4 years ago
High
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OWMtcXdxZy1xajN2
Electron webPreferences vulnerability can be used to perform remote code execution
Ecosystems: npm
Packages: electron
Source: github
Published: over 6 years ago
High
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2
Electron protocol handler browser vulnerable to Command Injection
Ecosystems: npm
Packages: electron
Source: github
Published: over 6 years ago
High
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4d2ctd3Y3di00dnFw
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Ecosystems: npm
Packages: electron
Source: github
Published: over 6 years ago
High
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyMjItNTNjNi1jODZw
Remote Code Execution in electron
Ecosystems: npm
Packages: electron
Source: github
Published: almost 7 years ago
High
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2Y2otcGZxMi13eGo3
High severity vulnerability that affects electron
Ecosystems: npm
Packages: electron
Source: github
Published: about 7 years ago