Vulnerabilities > Electronjs > Electron
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-06 | CVE-2020-15215 | Protection Mechanism Failure vulnerability in Electronjs Electron Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. | 6.8 |
| 2020-10-06 | CVE-2020-15174 | Unspecified vulnerability in Electronjs Electron In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. network electronjs | 5.8 |
| 2020-07-07 | CVE-2020-4077 | Unspecified vulnerability in Electronjs Electron 7.0.0/8.0.0/9.0.0 In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. | 6.5 |
| 2020-07-07 | CVE-2020-4076 | Unspecified vulnerability in Electronjs Electron 7.0.0/8.0.0/9.0.0 In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. | 3.6 |
| 2020-07-07 | CVE-2020-4075 | Files or Directories Accessible to External Parties vulnerability in Electronjs Electron 7.0.0/8.0.0/9.0.0 In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. | 2.1 |
| 2020-07-07 | CVE-2020-15096 | Unspecified vulnerability in Electronjs Electron In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. | 4.0 |
| 2018-08-23 | CVE-2018-15685 | Insecure Default Initialization of Resource vulnerability in Electronjs Electron GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. | 6.8 |
| 2018-06-07 | CVE-2017-16151 | Code Injection vulnerability in Electronjs Electron Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. | 7.5 |
| 2018-03-23 | CVE-2018-1000136 | Improper Input Validation vulnerability in Electronjs Electron Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. | 6.8 |
| 2018-03-07 | CVE-2018-1000118 | OS Command Injection vulnerability in Electronjs Electron Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. | 9.3 |