Vulnerabilities > Electronjs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-28 | CVE-2020-26272 | Exposure of Resource to Wrong Sphere vulnerability in Electronjs Electron The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. | 6.5 |
| 2021-01-01 | CVE-2020-35717 | Cross-site Scripting vulnerability in Electronjs Zonote zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true). | 9.0 |
| 2020-10-06 | CVE-2020-15215 | Exposure of Resource to Wrong Sphere vulnerability in Electronjs Electron Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. | 5.6 |
| 2020-10-06 | CVE-2020-15174 | Unspecified vulnerability in Electronjs Electron In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. | 7.5 |
| 2020-07-07 | CVE-2020-4077 | Unspecified vulnerability in Electronjs Electron In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. | 9.9 |
| 2020-07-07 | CVE-2020-4076 | Unspecified vulnerability in Electronjs Electron In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. | 9.0 |
| 2020-07-07 | CVE-2020-4075 | Files or Directories Accessible to External Parties vulnerability in Electronjs Electron In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. | 7.5 |
| 2020-07-07 | CVE-2020-15096 | Unspecified vulnerability in Electronjs Electron In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. | 6.8 |
| 2018-08-23 | CVE-2018-15685 | Insecure Default Initialization of Resource vulnerability in Electronjs Electron GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. | 8.1 |
| 2018-06-07 | CVE-2017-16151 | Code Injection vulnerability in Electronjs Electron Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. | 9.8 |