Vulnerabilities > Electronjs

DATE CVE VULNERABILITY TITLE RISK
2021-01-28 CVE-2020-26272 Unspecified vulnerability in Electronjs Electron
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
network
low complexity
electronjs
6.5
2021-01-01 CVE-2020-35717 Cross-site Scripting vulnerability in Electronjs Zonote
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).
network
low complexity
electronjs CWE-79
critical
9.0
2020-10-06 CVE-2020-15215 Unspecified vulnerability in Electronjs Electron
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass.
network
high complexity
electronjs
5.6
2020-10-06 CVE-2020-15174 Unspecified vulnerability in Electronjs Electron
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites.
network
high complexity
electronjs
7.5
2020-07-07 CVE-2020-4077 Unspecified vulnerability in Electronjs Electron
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass.
network
low complexity
electronjs
critical
9.9
2020-07-07 CVE-2020-4076 Unspecified vulnerability in Electronjs Electron
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass.
local
low complexity
electronjs
critical
9.0
2020-07-07 CVE-2020-4075 Files or Directories Accessible to External Parties vulnerability in Electronjs Electron
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open.
network
low complexity
electronjs CWE-552
7.5
2020-07-07 CVE-2020-15096 Unspecified vulnerability in Electronjs Electron
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
network
low complexity
electronjs
6.8
2018-08-23 CVE-2018-15685 Insecure Default Initialization of Resource vulnerability in Electronjs Electron
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
network
high complexity
electronjs CWE-1188
8.1
2018-06-07 CVE-2017-16151 Code Injection vulnerability in Electronjs Electron
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron.
network
low complexity
electronjs CWE-94
critical
9.8