
9 matches found

RedhatCVE
added 2026/04/06 4:54 p.m. · 2 views

CVE-2026-34780

A flaw was found in Electron, a framework for building cross-platform desktop applications. An attacker capable of executing JavaScript in the main world, for instance through a cross-site scripting (XSS) vulnerability, could exploit this flaw. By passing VideoFrame objects from the WebCodecs API...

8.3 CVSS · 6.3 AI score · 0.00012 EPSS
Exploits 0 · References 4

CVE
added 2026/04/04 12:2 a.m. · 11 views

CVE-2026-34780

CVE-2026-34780 / GHSA-jfqg-hf23-qpw2: Electron context isolation bypass via VideoFrame transfer across contextBridge. If a preload script exposes a bridged VideoFrame to the main world (e.g., via contextBridge.exposeInMainWorld), an attacker with JavaScript in the main world (such as via XSS) ca...

8.3 CVSS · 5.9 AI score · 0.00012 EPSS
Exploits 0 · References 1 · Affected Software 1

Github Security Blog
added 2026/04/03 2:46 a.m. · 2 views

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Impact: Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any...

8.3 CVSS · 6 AI score · 0.00012 EPSS
Exploits 0 · References 3 · Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-2557

Malicious code in bioql PyPI...

8.5 CVSS · 8.4 AI score · 0.00162 EPSS
Exploits 0 · References 4

OSV
added 2023/09/06 8:13 p.m. · 24 views

CVE-2023-29198 Context isolation bypass via nested unserializable return value in Electron

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...

6 CVSS · 8.2 AI score · 0.00162 EPSS
Exploits 0 · References 4

Cvelist
added 2023/09/06 8:13 p.m. · 17 views

CVE-2023-29198 Context isolation bypass via nested unserializable return value in Electron

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...

6 CVSS · 8.5 AI score · 0.00162 EPSS
Exploits 0 · References 2

OSV
added 2023/09/06 7:50 p.m. · 1 views

GHSA-P7V2-P9M8-QQG7 Electron context isolation bypass via nested unserializable return value

Impact: Apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Workarounds: This issue is exploitable under eithe...

6 CVSS · 7.2 AI score · 0.00162 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/09/06 12:0 a.m. · 2 views

PT-2023-22196 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 22.3.6; Electron versions prior to 23.2.3; Electron versions prior to 24.0.1; Electron versions prior to 25.0.0-alpha.2. Description: Electron is a framework for writing cross-platform desktop applications using...

8.5 CVSS · 8.3 AI score · 0.00162 EPSS
Exploits 0 · References 8

OSV
added 2020/07/07 12:15 a.m. · 13 views

CVE-2020-4077

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both contextIsolation and contextBridge are affected. Thi...

9.9 CVSS · 9.3 AI score
Exploits 0 · References 2