Security Deep Dive

presenton

Security posture and CVE patch evidence from tracked releases.

44 high-severity dependency CVEs affect electron-v0.8.6-beta.

Review the dependency vulnerabilities below.

— Signed — SLSA — SBOM ✗ Security policy Weekly cadence · 3d median Active maintainer

Trust Signals — 2 of 9 Present

Evidence already collected from releases and repository metadata.

Signed releases Unknown
Latest release artifact signature Latest release
SLSA provenance Unknown
Attestation predicate level Latest release
SBOM published Unknown
GitHub SBOM API Latest release
SECURITY.md Absent
GitHub repository metadata Repository policy
Checked: 23d ago
Release cadence: weekly Present
3d median over recent releases Release history
Latest release: 5d ago
Maintainer active Present
Recent commit activity Repository
Last commit: 2d ago
Checksums (SHA256SUMS) Not active yet
SHA256SUMS or equivalent Release asset
Latest release: 5d ago
GitHub Actions attestation Not active yet
actions/attest-build-provenance Workflow file
Latest release: 5d ago
Signing assets Not active yet
.sig, .crt, cosign.pub, or similar Release asset
Latest release: 5d ago
4.0/10 Security Score
Dependency Exposure 99 transitive dependency CVEs found in the latest SBOM.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss: 0.25 / 0.5 (No EPSS data)
freshness: 1.00 / 1.0 (1d stale)
scorecard: 2.00 / 4.0 (⚠ Estimated — not yet collected)
cve health: 0.25 / 2.5 (⚠ No direct scan — 0c/44h transitive CVEs)
patch speed: 0.50 / 0.5 (⚠ Estimated — no CVE patch history)
kev exposure: 1.50 / 1.5 (No KEV exposure)
supply chain risk: -1.50 / 10.0 (Risk 89.0/100)

Score breakdown

schema v2

Vulnerability posture: 1.0 (25%)
direct cves: clear; cve scan: estimated

Release responsiveness: 10.0 (5%)
patch speed days: no_history

Dependency exposure: 1.1 (10%)
supply chain risk: 89.03; transitive cves: 0c/44h

Provenance trust: 5.0 (40%)
scorecard score: estimated; openssf badge: none

Maintainer health: 10.0 (10%)
activity freshness: 1d

Operational risk: 8.5 (10%)
kev exposure: clear; epss max: none

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 89.0/100
0 Transitive critical CVEs
0 KEV-transitive CVEs
49% Dependency freshness

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

Dependency Vulnerabilities

1582 dependencies scanned

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical: 0
High: 44
Medium: 48
Low: 7
Unknown: 0

CVE Severity KEV Dependency Affected version Cleared in release
CVE-2021-32677 high fastapi v0.8.3-beta
CVE-2022-40898 high wheel v0.8.3-beta
CVE-2024-12905 high tar-fs 3.0.4 v0.8.3-beta
CVE-2024-24762 high fastapi v0.8.3-beta
CVE-2025-48387 high tar-fs 3.0.4 v0.8.3-beta
CVE-2025-59343 high tar-fs 3.0.4 v0.8.3-beta
CVE-2025-64756 high glob 10.4.5 v0.8.3-beta
CVE-2026-23745 high tar 6.2.1 v0.8.3-beta
CVE-2026-23950 high tar 6.2.1 v0.8.3-beta
CVE-2026-24049 high wheel v0.8.3-beta
CVE-2026-24842 high tar 6.2.1 v0.8.3-beta
CVE-2026-25547 high @isaacs/brace-expansion 5.0.0 v0.8.3-beta
CVE-2026-26960 high tar 7.5.7 v0.8.3-beta
CVE-2026-26996 high minimatch 10.1.1 v0.8.3-beta
CVE-2026-27903 high minimatch 10.1.1 v0.8.3-beta
CVE-2026-27904 high minimatch 10.1.1 v0.8.3-beta
CVE-2026-29786 high tar 7.5.7 v0.8.3-beta
CVE-2026-31802 high tar 7.5.7 v0.8.3-beta
CVE-2026-33671 high picomatch 4.0.3 v0.8.3-beta
CVE-2026-34601 high @xmldom/xmldom 0.8.11 v0.8.3-beta
CVE-2026-34769 high electron 36.9.5 v0.8.3-beta
CVE-2026-34770 high electron 36.9.5 v0.8.3-beta
CVE-2026-34771 high electron 36.9.5 v0.8.3-beta
CVE-2026-34774 high electron 36.9.5 v0.8.3-beta
CVE-2026-39983 high basic-ftp 5.2.0 v0.8.3-beta
CVE-2026-41324 high basic-ftp 5.2.0 v0.8.3-beta
CVE-2026-41672 high @xmldom/xmldom 0.8.11 v0.8.3-beta
CVE-2026-41673 high @xmldom/xmldom 0.8.11 v0.8.3-beta
CVE-2026-41674 high @xmldom/xmldom 0.8.11 v0.8.3-beta
CVE-2026-41675 high @xmldom/xmldom 0.8.11 v0.8.3-beta
CVE-2026-42033 high axios 1.14.0 v0.8.3-beta
CVE-2026-42035 high axios 1.14.0 v0.8.3-beta
CVE-2026-42043 high axios 1.14.0 v0.8.3-beta
CVE-2026-42264 high axios 1.14.0 v0.8.3-beta
CVE-2026-42561 high python-multipart 0.0.26 v0.8.3-beta
CVE-2026-44240 high basic-ftp 5.2.0 v0.8.3-beta
CVE-2026-44307 high mako 1.3.11 v0.8.3-beta
CVE-2026-4800 high lodash-es 4.17.21 v0.8.3-beta
CVE-2026-4800 high lodash 4.17.23 v0.8.3-beta
GHSA-5j59-xgg2-r9c4 high next 14.2.31 v0.8.3-beta
GHSA-6v7q-wjvx-w8wg high basic-ftp 5.2.0 v0.8.3-beta
GHSA-h25m-26qc-wcjf high next 14.2.31 v0.8.3-beta
GHSA-mwv6-3258-q52c high next 14.2.31 v0.8.3-beta
GHSA-q4gf-8mx6-v5v3 high next 14.2.31 v0.8.3-beta
CVE-2025-13465 medium lodash-es 4.17.21 v0.8.3-beta
CVE-2025-13465 medium lodash 4.17.21 v0.8.3-beta
CVE-2025-15284 medium qs 6.14.0 v0.8.3-beta
CVE-2025-15599 medium dompurify 3.2.6 v0.8.3-beta
CVE-2025-54880 medium mermaid 11.9.0 v0.8.3-beta
CVE-2025-54881 medium mermaid 11.9.0 v0.8.3-beta
CVE-2025-57822 medium next 14.2.31 v0.8.3-beta
CVE-2025-59471 medium next 14.2.31 v0.8.3-beta
CVE-2025-62718 medium axios 1.14.0 v0.8.3-beta
CVE-2025-69873 medium ajv 6.12.6 v0.8.3-beta
CVE-2026-0540 medium dompurify 3.2.6 v0.8.3-beta
CVE-2026-2327 medium markdown-it 14.1.0 v0.8.3-beta
CVE-2026-27980 medium next 14.2.31 v0.8.3-beta
CVE-2026-29057 medium next 14.2.31 v0.8.3-beta
CVE-2026-2950 medium lodash-es 4.17.21 v0.8.3-beta
CVE-2026-2950 medium lodash 4.17.23 v0.8.3-beta
CVE-2026-33532 medium yaml 2.8.1 v0.8.3-beta
CVE-2026-33672 medium picomatch 4.0.3 v0.8.3-beta
CVE-2026-33750 medium brace-expansion 1.1.12 v0.8.3-beta
CVE-2026-34765 medium electron 36.9.5 v0.8.3-beta
CVE-2026-34767 medium electron 36.9.5 v0.8.3-beta
CVE-2026-34772 medium electron 36.9.5 v0.8.3-beta
CVE-2026-34773 medium electron 36.9.5 v0.8.3-beta
CVE-2026-34775 medium electron 36.9.5 v0.8.3-beta
CVE-2026-34776 medium electron 36.9.5 v0.8.3-beta
CVE-2026-34777 medium electron 36.9.5 v0.8.3-beta
CVE-2026-34778 medium electron 36.9.5 v0.8.3-beta
CVE-2026-34779 medium electron 36.9.5 v0.8.3-beta
CVE-2026-40175 medium axios 1.14.0 v0.8.3-beta
CVE-2026-41238 medium dompurify 3.2.6 v0.8.3-beta
CVE-2026-41239 medium dompurify 3.2.6 v0.8.3-beta
CVE-2026-41240 medium dompurify 3.2.6 v0.8.3-beta
CVE-2026-41305 medium postcss 8.4.31 v0.8.3-beta
CVE-2026-41907 medium uuid 13.0.0 v0.8.3-beta
CVE-2026-42034 medium axios 1.14.0 v0.8.3-beta
CVE-2026-42036 medium axios 1.14.0 v0.8.3-beta
CVE-2026-42037 medium axios 1.14.0 v0.8.3-beta
CVE-2026-42038 medium axios 1.14.0 v0.8.3-beta
CVE-2026-42039 medium axios 1.14.0 v0.8.3-beta
CVE-2026-42041 medium axios 1.14.0 v0.8.3-beta
CVE-2026-42042 medium axios 1.14.0 v0.8.3-beta
CVE-2026-42044 medium axios 1.14.0 v0.8.3-beta
CVE-2026-42338 medium ip-address 10.1.0 v0.8.3-beta
GHSA-39q2-94rc-95cp medium dompurify 3.2.6 v0.8.3-beta
GHSA-cj63-jhhr-wcxv medium dompurify 3.2.6 v0.8.3-beta
GHSA-cjmm-f4jc-qw8r medium dompurify 3.2.6 v0.8.3-beta
GHSA-h8r8-wccr-v5f2 medium dompurify 3.2.6 v0.8.3-beta
GHSA-r4q5-vmmm-2653 medium follow-redirects 1.15.11 v0.8.3-beta
CVE-2026-2391 low qs 6.14.0 v0.8.3-beta
CVE-2026-34764 low electron 36.9.5 v0.8.3-beta
CVE-2026-34766 low electron 36.9.5 v0.8.3-beta
CVE-2026-34768 low electron 36.9.5 v0.8.3-beta
CVE-2026-34781 low electron 36.9.5 v0.8.3-beta
CVE-2026-42040 low axios 1.14.0 v0.8.3-beta
CVE-2026-7597 low mem0ai v0.8.3-beta
