113 matches found

Github Security Blog
added 2026/06/15 8:20 p.m. (9 views)

Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

Impact: Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. Workarounds: No workarounds. Do not use these impacted Electron releases. Fixed Versions: 42.3.3. For more information: If you have any questions or...

CVSS 9.3 | AI score 5.8 | EPSS 0.00253
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/05/19 11:54 p.m. (10 views)

EUVD-2026-31008

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

CVSS 5.5 | AI score 6.1 | EPSS 0.00176
Exploits 0 | References 2

NVD
added 2026/05/14 3:16 p.m. (32 views)

CVE-2026-44482

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

CVSS 9.6 | EPSS 0.00336
Exploits 0 | References 1

IBM Security Bulletins
added 2026/05/11 6:28 p.m. (13 views)

Security Bulletin: MongoDB Enterprise Advanced affected by: Exposure of Resource to Wrong Sphere and NULL Pointer Dereference (CVE-2026-34765, CVE-2026-34781)

Summary: There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprise Advanced for IBM, involving CVE-2026-34765, CVE-2026-34781. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-34765. DESCRIPTION: Electron is a framework for writing...

CVSS 8.8 | AI score 6.1 | EPSS 0.003
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/05/11 6:27 p.m. (10 views)

Security Bulletin: MongoDB Enterprise Advanced affected by: Use After Free (CVE-2026-34764)

Summary: There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprise Advanced for IBM, involving CVE-2026-34764. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-34764. DESCRIPTION: Electron is a framework for writing cross-platform desktop applications...

CVSS 5.5 | AI score 5.7 | EPSS 0.001
Exploits 0 | Affected Software 1

Tenable Nessus
added 2026/04/08 12:00 a.m. (4 views)

Linux Distros Unpatched Vulnerability : CVE-2026-34781

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, app...

CVSS 3.3 | AI score 5.9 | EPSS 0.00144
Exploits 0 | References 2

vulnersOsv
added 2026/04/07 3:52 p.m. (5 views)

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2583 more potentially affected by CVE-2026-34765 via electron (>=0.1.2 <=39.8.10)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34765 Source advisory: OSV:GHSA-F3PV-WV63-48X8...

CVSS 8.8 | AI score 5.4 | EPSS 0.003
Exploits 0

RedhatCVE
added 2026/04/06 4:54 p.m. (2 views)

CVE-2026-34772

A flaw was found in Electron, a framework used for developing cross-platform desktop applications. This vulnerability, known as a use-after-free, affects applications that manage downloads and actively terminate user sessions. It occurs when a user dismisses a file save dialog while the applicati...

CVSS 8.8 | AI score 5.7 | EPSS 0.00209
Exploits 0 | References 4

NVD
added 2026/04/04 12:16 a.m. (3 views)

CVE-2026-34769

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...

CVSS 8.8 | EPSS 0.00237
Exploits 0 | References 1

CNNVD
added 2026/04/04 12:00 a.m. (7 views)

Electron resource management error vulnerability

Electron is a JavaScript framework developed by users for creating cross-platform desktop applications under the open-source license. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00341
Exploits 0 | References 1

Cvelist
added 2026/04/03 11:59 p.m. (19 views)

CVE-2026-34778 Electron: Service worker can spoof executeJavaScript IPC replies

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...

CVSS 5.9 | EPSS 0.00123
Exploits 0 | References 1

vulnersOsv
added 2026/04/03 2:46 a.m. (4 views)

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2513 more potentially affected by CVE-2026-34779 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34779 Source advisory: OSV:GHSA-5RQW-R77C-JP79...

CVSS 7.8 | AI score 5.4 | EPSS 0.00161
Exploits 0

vulnersOsv
added 2026/04/03 2:44 a.m. (5 views)

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2513 more potentially affected by CVE-2026-34778 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34778 Source advisory: OSV:GHSA-XJ5X-M3F3-5X3H...

CVSS 6.5 | AI score 5.4 | EPSS 0.00123
Exploits 0

Snyk
added 2026/04/03 2:44 a.m. (5 views)

Origin Validation Error

Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Origin Validation Error in the session.setPermissionRequestHandler function. An attacker can gain unauthorized access to...

CVSS 5.4 | AI score 5.9 | EPSS 0.00122
Exploits 0 | References 2

vulnersOsv
added 2026/04/03 2:44 a.m. (4 views)

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2513 more potentially affected by CVE-2026-34777 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34777 Source advisory: OSV:GHSA-R5P7-GP4J-QHRX...

CVSS 5.4 | AI score 5.4 | EPSS 0.00122
Exploits 0

Snyk
added 2026/04/03 2:43 a.m. (1 view)

Improper Isolation or Compartmentalization

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the handling of the nodeIntegrationInWorker configuration in...

CVSS 9.8 | AI score 5.9 | EPSS 0.00289
Exploits 0 | References 2

vulnersOsv
added 2026/04/03 2:42 a.m. (4 views)

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2549 more potentially affected by CVE-2026-34774 via electron (>=0.1.2 <=39.2.7)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34774 Source advisory: OSV:GHSA-532V-XPQ5-8H95...

CVSS 8.1 | AI score 5.4 | EPSS 0.00341
Exploits 0

EUVD
added 2026/04/03 2:41 a.m. (8 views)

EUVD-2026-18945

Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows...

CVSS 4.7 | AI score 5.9 | EPSS 0.0024
Exploits 0 | References 1

vulnersOsv
added 2026/04/03 2:41 a.m. (4 views)

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2513 more potentially affected by CVE-2026-34773 via electron (>=0.1.2 <=38.6.0)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34773 Source advisory: OSV:GHSA-MWMH-MQ4G-G6GR...

CVSS 7.5 | AI score 5.4 | EPSS 0.0024
Exploits 0

Snyk
added 2026/04/03 2:41 a.m. (1 view)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the...

CVSS 7.5 | AI score 6 | EPSS 0.0024
Exploits 0 | References 3