Every CVE whose affected-product data names Electronjs Electron, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2017-16151 — CVSS 9.8 (critical): Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects…
CVE-2018-1000118 — CVSS 8.8 (high): Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in…
CVE-2026-34780 — CVSS 8.3 (high): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to…
CVE-2018-15685 — CVSS 8.1 (high): GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or…
CVE-2018-1000136 — CVSS 8.1 (high): Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in…
CVE-2026-34774 — CVSS 8.1 (high): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0…
CVE-2020-4076 — CVSS 7.8 (high): In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in…
CVE-2020-4077 — CVSS 7.7 (high): In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in…
CVE-2026-34769 — CVSS 7.7 (high): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0…
CVE-2026-34771 — CVSS 7.5 (high): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0…
CVE-2023-23623 — CVSS 7.5 (high): Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy…
CVE-2020-15174 — CVSS 7.5 (high): In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to…
CVE-2022-36077 — CVSS 7.2 (high): The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to…
CVE-2026-34770 — CVSS 7.0 (high): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1…
CVE-2020-4075 — CVSS 6.8 (medium): In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a…
CVE-2021-39184 — CVSS 6.8 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior…
CVE-2026-34775 — CVSS 6.8 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4…
CVE-2020-15096 — CVSS 6.8 (medium): In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the…
CVE-2022-29257 — CVSS 6.6 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions…
CVE-2026-34779 — CVSS 6.5 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1…
CVE-2023-44402 — CVSS 6.1 (medium): Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps…
CVE-2023-39956 — CVSS 6.1 (medium): Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are…
CVE-2023-29198 — CVSS 6.0 (medium): Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using…
CVE-2026-34765 — CVSS 6.0 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0…
CVE-2026-34767 — CVSS 5.9 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3…
CVE-2026-34778 — CVSS 5.9 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1…
CVE-2026-34772 — CVSS 5.8 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0…
CVE-2020-15215 — CVSS 5.6 (medium): Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both…
CVE-2026-34777 — CVSS 5.4 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1…
CVE-2020-26272 — CVSS 5.4 (medium): The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC…
CVE-2026-34776 — CVSS 5.3 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1…
CVE-2026-34773 — CVSS 4.7 (medium): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1…
CVE-2026-34768 — CVSS 3.9 (low): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1…
CVE-2022-21718 — CVSS 3.4 (low): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior…
CVE-2026-34766 — CVSS 3.3 (low): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0…
CVE-2026-34781 — CVSS 2.8 (low): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0…
CVE-2026-34764 — CVSS 2.3 (low): Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before…
CVE-2022-29247 — CVSS 2.2 (low): Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions…