
111 matches found

EUVD
added 2026/05/19 11:54 p.m. | 7 views

EUVD-2026-31008

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

CVSS 5.5 | AI score 6.1 | EPSS 0.00005
Exploits: 0 | References: 2

NVD
added 2026/05/14 3:16 p.m. | 7 views

CVE-2026-44482

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

CVSS 9.6 | EPSS 0.00127
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/05/11 6:28 p.m. | 9 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Exposure of Resource to Wrong Sphere and NULL Pointer Dereference (CVE-2026-34765, CVE-2026-34781)

Summary: There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34765, CVE-2026-34781. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-34765. DESCRIPTION: Electron is a framework for writing...

CVSS 8.8 | AI score 6.1 | EPSS 0.00025
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/05/11 6:27 p.m. | 6 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Use After Free (CVE-2026-34764)

Summary: There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34764. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-34764. DESCRIPTION: Electron is a framework for writing cross-platform desktop applications...

CVSS 5.5 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2026/04/08 12:00 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-34781

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, app...

CVSS 3.3 | AI score 5.9 | EPSS 0.00006
Exploits: 0 | References: 2

vulnersOsv
added 2026/04/07 3:52 p.m. | 3 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2535 more potentially affected by CVE-2026-34765 via electron (>=0.1.2 <=39.8.10)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34765 Source advisory: OSV:GHSA-F3PV-WV63-48X8...

CVSS 8.8 | AI score 5.8 | EPSS 0.00025
Exploits: 0

RedhatCVE
added 2026/04/06 4:54 p.m. | 1 view

CVE-2026-34772

A flaw was found in Electron, a framework used for developing cross-platform desktop applications. This vulnerability, known as a use-after-free, affects applications that manage downloads and actively terminate user sessions. It occurs when a user dismisses a file save dialog while the applicati...

CVSS 8.8 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 4

NVD
added 2026/04/04 12:16 a.m. | 2 views

CVE-2026-34769

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...

CVSS 8.8 | EPSS 0.00012
Exploits: 0 | References: 1

CNNVD
added 2026/04/04 12:00 a.m. | 4 views

Electron Resource Management Error Vulnerability

Electron is a JavaScript framework developed by users for creating cross-platform desktop applications under the open-source license. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 1

Cvelist
added 2026/04/03 11:59 p.m. | 16 views

CVE-2026-34778 Electron: Service worker can spoof executeJavaScript IPC replies

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...

CVSS 5.9 | EPSS 0.00006
Exploits: 0 | References: 1

vulnersOsv
added 2026/04/03 2:46 a.m. | 3 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2487 more potentially affected by CVE-2026-34779 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34779 Source advisory: OSV:GHSA-5RQW-R77C-JP79...

CVSS 7.8 | AI score 5.8 | EPSS 0.0001
Exploits: 0

vulnersOsv
added 2026/04/03 2:44 a.m. | 3 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2487 more potentially affected by CVE-2026-34778 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34778 Source advisory: OSV:GHSA-XJ5X-M3F3-5X3H...

CVSS 6.5 | AI score 5.8 | EPSS 0.00006
Exploits: 0

vulnersOsv
added 2026/04/03 2:44 a.m. | 3 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2487 more potentially affected by CVE-2026-34777 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34777 Source advisory: OSV:GHSA-R5P7-GP4J-QHRX...

CVSS 5.4 | AI score 5.8 | EPSS 0.00006
Exploits: 0

Snyk
added 2026/04/03 2:44 a.m. | 3 views

Origin Validation Error

Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Origin Validation Error in the session.setPermissionRequestHandler function. An attacker can gain unauthorized access to...

CVSS 5.4 | AI score 5.9 | EPSS 0.00006
Exploits: 0 | References: 2

Snyk
added 2026/04/03 2:43 a.m. | 1 view

Improper Isolation or Compartmentalization

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the handling of the nodeIntegrationInWorker configuration in...

CVSS 9.8 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 2

vulnersOsv
added 2026/04/03 2:42 a.m. | 4 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2503 more potentially affected by CVE-2026-34774 via electron (>=0.1.2 <=39.2.7)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34774 Source advisory: OSV:GHSA-532V-XPQ5-8H95...

CVSS 8.1 | AI score 5.8 | EPSS 0.00019
Exploits: 0

EUVD
added 2026/04/03 2:41 a.m. | 3 views

EUVD-2026-18945

Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows...

CVSS 4.7 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 1

Snyk
added 2026/04/03 2:41 a.m. | 0 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the...

CVSS 7.5 | AI score 6 | EPSS 0.00023
Exploits: 0 | References: 3

vulnersOsv
added 2026/04/03 2:41 a.m. | 2 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2487 more potentially affected by CVE-2026-34773 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34773 Source advisory: OSV:GHSA-MWMH-MQ4G-G6GR...

CVSS 7.5 | AI score 5.8 | EPSS 0.00023
Exploits: 0

vulnersOsv
added 2026/04/03 2:41 a.m. | 5 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2487 more potentially affected by CVE-2026-34772 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34772 Source advisory: OSV:GHSA-9W97-2464-8783...

CVSS 8.8 | AI score 5.8 | EPSS 0.00014
Exploits: 0