Electron — CVE history (npm)
Electron
46 CVEs affect the Electron npm package (highest CVSS 9.8). Latest disclosed: 2026-06-23. Full CVE history sourced from NVD.
Summary
- Package: Electron (npm)
- Total CVEs: 46
- Actively exploited (CISA KEV): 0
- Highest CVSS: 9.8
- Latest disclosed: 2026-06-23
Recent CVEs (top 20)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-54257 | — | — | — | 2026-06-23 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34781 | Low | 2.8 | — | 2026-04-07 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34765 | Medium | 6.0 | — | 2026-04-07 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34764 | Low | 2.3 | — | 2026-04-06 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34780 | High | 8.3 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34779 | Medium | 6.5 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34778 | Medium | 5.9 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34777 | Medium | 5.4 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34776 | Medium | 5.3 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34775 | Medium | 6.8 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34774 | High | 8.1 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34773 | Medium | 4.7 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34772 | Medium | 5.8 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34771 | High | 7.5 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34770 | High | 7.0 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34769 | High | 7.7 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34768 | Low | 3.9 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34767 | Medium | 5.9 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34766 | Low | 3.3 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2025-55305 | Medium | 6.1 | — | 2025-09-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
All-time worst (top 10 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2017-16151 | Critical | 9.8 | — | 2018-06-07 | Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. |
| CVE-2018-1000118 | High | 8.8 | — | 2018-03-07 | Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. |
| CVE-2018-1000006 | High | 8.8 | — | 2018-01-24 | GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can b… |
| CVE-2026-34780 | High | 8.3 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34774 | High | 8.1 | — | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2018-15685 | High | 8.1 | — | 2018-08-23 | GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform… |
| CVE-2018-1000136 | High | 8.1 | — | 2018-03-23 | Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. |
| CVE-2017-12581 | High | 8.1 | — | 2017-08-06 | GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. |
| CVE-2024-46992 | High | 7.8 | — | 2025-07-01 | Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2020-4076 | High | 7.8 | — | 2020-07-07 | In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. |