Electron — CVE history (npm)

Electron

46 CVEs affect the Electron npm package (highest CVSS 9.8). Latest disclosed: 2026-06-23. Full CVE history sourced from NVD.

Summary

Package: Electron (npm)
Total CVEs: 46
Actively exploited (CISA KEV): 0
Highest CVSS: 9.8
Latest disclosed: 2026-06-23

Recent CVEs (top 20)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-54257 | | | | 2026-06-23 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34781 | Low | 2.8 | | 2026-04-07 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34765 | Medium | 6.0 | | 2026-04-07 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34764 | Low | 2.3 | | 2026-04-06 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34780 | High | 8.3 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34779 | Medium | 6.5 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34778 | Medium | 5.9 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34777 | Medium | 5.4 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34776 | Medium | 5.3 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34775 | Medium | 6.8 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34774 | High | 8.1 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34773 | Medium | 4.7 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34772 | Medium | 5.8 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34771 | High | 7.5 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34770 | High | 7.0 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34769 | High | 7.7 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34768 | Low | 3.9 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34767 | Medium | 5.9 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34766 | Low | 3.3 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2025-55305 | Medium | 6.1 | | 2025-09-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |

All-time worst (top 10 by CVSS)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2017-16151 | Critical | 9.8 | | 2018-06-07 | Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. |
| CVE-2018-1000118 | High | 8.8 | | 2018-03-07 | Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. |
| CVE-2018-1000006 | High | 8.8 | | 2018-01-24 | GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can b… |
| CVE-2026-34780 | High | 8.3 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2026-34774 | High | 8.1 | | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2018-15685 | High | 8.1 | | 2018-08-23 | GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform… |
| CVE-2018-1000136 | High | 8.1 | | 2018-03-23 | Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. |
| CVE-2017-12581 | High | 8.1 | | 2017-08-06 | GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. |
| CVE-2024-46992 | High | 7.8 | | 2025-07-01 | Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. |
| CVE-2020-4076 | High | 7.8 | | 2020-07-07 | In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. |