MAL-2026-1854 Malicious code in ssf-desktop-api-electron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49396220b88ccf03b280b2ccbf09f84a3c871d1877ca7db06fd0e3fb78221305 The package ssf-desktop-api-electron was found to contain malicious code...

EUVD-2025-178671

Malicious code in graviton-hapi-less-loader-electron npm...

EUVD-2025-179180

Malicious code in electron-nconf-callisto-flare npm...

Malicious code in proxima-node-config-server-electron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27de1abef874cf3da3daa143496ccb15836fbb297490b54876df4e5a445ce103 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142569 Malicious code in forever-init-hermes-electron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc72a982fb73f02c8f20755a13b861f7402472d335a1b3e2d03004f3717da706 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-120536

Malicious code in webpack-colors-luna-electron npm...

Malicious code in ursa-electron-builder-helmet-foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69dab14f9c372453cd1539810554a152dbae1521576f8135bd17dbf90b01ab50 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-114187

Malicious code in electron-nashira-deneb-norma npm...

EUVD-2025-116602

Malicious code in apollo-command-prompts-electron npm...

EUVD-2025-114219

Malicious code in electron-altair-charon-pegasus npm...

Malicious code in electon (npm)

The package electon was found to contain malicious code...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via lack of support for escapes in PreParserIdentifier V8...

MAL-2025-3820 Malicious code in baby-electron (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 598fa750ced56976e16940829f016c95ce72e423a41d8875aef222ea1b85e54b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OPENSUSE-SU-2025:14917-1 nodejs-electron-33.4.6-1.1 on GA media

These are all security issues fixed in the nodejs-electron-33.4.6-1.1 package on the GA media of openSUSE Tumbleweed...

Use After Free

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free through the V8 engine. Remediation A fix was pushed into the master branch but not yet...

OPENSUSE-SU-2024:13972-1 nodejs-electron-29.4.0-1.1 on GA media

These are all security issues fixed in the nodejs-electron-29.4.0-1.1 package on the GA media of openSUSE Tumbleweed...