Last active November 18, 2023 03:15
app_name repo electron_version vulnerable
1Password None 25.8.1 FALSE
3CX Desktop App 19.0.8 TRUE
5EClient None
Abstract None
Account Surfer None
Advanced REST Client ^17.0.0 TRUE
Aedron Shrine None
Aeon 23.2.0 TRUE
Agora Flat None
Airtame None
Altair GraphQL Client
Amialive None
AnotherRedisDesktopManager None
Antares ~22.0.3 TRUE
Appium Desktop ^10.0 TRUE
Arena None
Asana None
Assessment Disaggregation ^25.8.1 FALSE
Assetizr None
AstroPrint Desktop None
Authy 16.2.8 TRUE
Barklarm 25.3.2 TRUE
Basecamp 3 None
Bdash None
Beaker Browser
Beekeeper Studio
Believers Sword ^19.0.0 TRUE
Biscuit None
Blockbench ^25.7.0 TRUE
Boost Changer None
Bootstrap Studio None
BoxHero 23.0.0 TRUE
Boxy SVG None
Brim 22.3.25 TRUE
Brisqi None
Browserosaurus None
Buckets None
Buka None
Buttercup ^22.0.0 TRUE
Cacher None
Calmly Writer None
Camunda Modeler ^26.0.0 TRUE
canSnippet None
Caption Pro None
Caret None
Cargo Messenger None
CashNotify None
CatLight None
CBETA Reader 2 (Unofficial) None
ChatWork None
Chronobreak None
Cider github:castlabs/electron-releases TRUE
clipboard-manager-electron None
Clipper None
clippo None
cliptext None
clockodo None
Clovery 18.0.1 TRUE
CLtracer None
Cocos Creator
Codex ^22.3.18 TRUE
Colibri None
Collectie None
Color Ramp Formulator None
Colorpicker ^19.1.7 TRUE
Compact Log Viewer None
Companion None
Composercat None
Compress None
Container PS None
Copy 2 Online None
Cozy Desktop 23.0.0 TRUE
CryptoARM GOST 7.1.13 TRUE
csgo-tracker None
CyberX None
Cycle None
Cycligent Git Tool None
Danger Crew None
DarkJ None
Dashy None
Dat ^6.1.7 TRUE
Data Pixels Playground None
Data-Forge Notebook None
Datazenit None
Debugtron None
DECK ^13.0.0 TRUE
DeckMaster ^11.2.1 TRUE
Deco IDE
Deepnest None
Deer None
Demio None
Demoflow None
Deskfiler 6.0.9 TRUE
Devbook None
DevHub None
Dict ^9.4.4 TRUE
DigiExam None
Discord None 22.3.24 FALSE
Discord RPC Maker ^22.0.0 TRUE
display-dj ^19.0.2 TRUE
Ditto++ None
Dn Tool Container None
Doki Doki Mod Manager ^10.1.3 TRUE
Domain Book
domodel-diary None 13.1.0 TRUE
Dopamine ^21.0.0 TRUE
Drawtify Designer None
DropPoint ^21.3.1 TRUE
DupFinder None
Dusk Player ^7.3.3 TRUE
Dynobase None
Eagle None
eagluet None
EBTCalc ^26.1.0 TRUE
elcalc None
Electorrent None
Electro None
ElectroCRUD ^22.0.0 TRUE
Electron App Store (Unofficial) ^15.3.0 TRUE
Electron-clippy None
Elements None
Elephicon None
email-securely-app None
Enclica Messenger None
EnderFramework None
Erin ^20.1.0 TRUE
eSearch ^22.3.6 TRUE
ETCD Manager ^6 TRUE
Etcher ^19.1.9 TRUE
EVE Trade None
Everdo None
Excel Parser Processor None
ExifCleaner ^11.0 TRUE
ExpanDrive 22.3.1 TRUE
Explorer None
ExpressLRS Configurator None
F-Curator ^16.0.6 TRUE
FAIRshare 25.8.1 FALSE
fangyuanjian None
FATpick None
Fenêtre None
Fifo 21.4.4 TRUE
Figma None
FileCtor ^9.2.0 TRUE
Fileside None
Final-Countdown None
Find Better Questions None
Fireman None
Fishing Funds ^26.0.0 TRUE
Flawesome None
FLB Music 13.2.2 TRUE
FleetDeck None
FlexPaper None
Flow None
Fluent Reader ^21.0.1 TRUE
Focused Task None
Fog None
FontBase None
Forestpin Analytics None
Forget Me Not None
FotoJet None
Frame 23.1.3 TRUE
Franz None
Free Chess Club ^24.1.3 TRUE
Freeter None
Friends None
Front None
Fudget None
Galeri None
Gaucho ~13.1.9 TRUE
GaussSense Desktop None
GDevelop 18.2.2 TRUE
Geeks Diary None
Geniemoji ^12.0.4 TRUE
Getränkeliste App None
Gibu None
Git-it None
GitBook None
GitHoard None
GitHub Desktop 26.2.1 FALSE
Gitify ^13.1.7 TRUE
GitKraken None 22.3.24 FALSE
Gitscout None
Gluppi None
Glyphr Studio None
Gordie None
GrabCAD Print None
GramTools None
GraphiQL None
GraphQL Playground None
graSSHopper None
Gravit Designer None
Graviton Editor ^10.1.5 TRUE
gSubs ~9.1.0 TRUE
HashTag None
HBBatchBeast None
Headset None
healthi ^15.5.5 TRUE
Hearo None
Helios Launcher None
Heroic None
HexoClient ^7.2.4 TRUE
Hive None
homura None
Horen None
Hoster None
Hozz None
HTTP Toolkit
HTTPS Checker None
Hyper 22.3.24 FALSE
Hyperspace None
i18n Manager None
i5sing None
Iconset None
Illyriad None
Image Optimizer None
ImageShrinker ^11.2.1 TRUE
Imagine None
Inboxer ^3.0 TRUE
INDE Writer None
InfiniTex None
Infiniti Clips ^21.2.0 TRUE
Infinity None
Inkdrop None
Insomnia 25.8.1 FALSE
Instatron None
Interactive Data Editor None
Intu-Mind None
Invizi ^8.3.0 TRUE
ioui None
Iperius Console None
IPTVnator None
Istrolid None
itch ^22.3.14 TRUE
Jabra Direct None 16,2,2 TRUE
Janpankana None
Janus Workspace None
Jasper 18.0.4 TRUE
Joplin 25.8.1 FALSE
jqi None
Juggernaut 8.2.0 TRUE
Jukeboks None
Kahla ^8.3.0 TRUE
kalk None
KanKan None
Kap 13.6.9 TRUE
Kaplan Desktop
kappo None
Karaoke Mugen
Katana None
Kattana None
Keeper Password Manager & Digital Vault None
KeeWeb ^12.0.7 TRUE
Kinesis CI
Kitematic None
Knowte 17.3.1 TRUE
Kobiton None
Kube Dev Dashboard ^22.0.0 TRUE
Kube Forwarder 12.0.2 TRUE
LaraDumps 26.2.1 FALSE
Laravel Kit 21.0.1 TRUE
Last Hit ^7.1.1 TRUE
Laverna None
Lax None
lazyType None
LBRY Desktop 17.2.0 TRUE
LeafView None
Lectrote None
Lepton ^13.0.0 TRUE
Light Table None
LightProxy None
linked 17.0.0 TRUE
Lisk Hub 25.2.0 TRUE
Local by Flywheel
Local Mock Server None
Lode None
Loom None
Loop Team None
LosslessCut None
LoT - Lot of Things
lsdeer ^8.2.1 TRUE
luna None
Lyna None
MagicCap None
Mailspring 17.4.0 TRUE
Markdown C3 None
Markdownify ^7.2.4 TRUE
MarkText None
massCode ^7.1.6 TRUE
Master Tour None
Matrix Writer None
Mattermost 26.2.1 FALSE
MD5 Application None
mdp ^13.1.6 TRUE
media-dupes None
mediaChips ^17.0.0 TRUE
MeisterTask None
Mélodie 18.0.0 TRUE
Merge Request Notifier None
Metronome None
Metronome Wallet 13.1.4 TRUE
Microsoft Teams None 19.1.8 TRUE
Microstockr None
Mikropausen None
Min 26.2.1 FALSE
Mini Diary ^8.3.0 TRUE
Minimal Image Viewer None
Missive None
Mixmax None
MJML App 7.2.4 TRUE
Mobile Locker None
MockingBot None
modelDBA None
ModernDeck for Twitter ^19.1.9 TRUE
MonAmi Note None
MongoDB Compass None 24.8.2 FALSE
Mongomix None
Mongotron None
Monokle 26.2.2 TRUE
monolith code ^19.0.6 TRUE
MonsterWriter None
Moonitor None
Morgen None
Motrix ^22.3.9 TRUE
MoviePrint 7.1.11 TRUE
Mr Noplay
Mr.Dclutterer None
muezzin None
Multiple File Manager None
Multrin None
Museeks 26.1.0 TRUE
Music Player ^17.2.0 TRUE
music-player ^7.3.3 TRUE
Musify ^7.2.4 TRUE
MuteMe 23.2.2 TRUE
MyTools None
Nertivia ^15.3.1 TRUE
Netron 26.2.2 TRUE
Network Status Check ^22.0.0 TRUE
NetworkAssembler None
NeuCalculator None
Norde Source None
NorthReader None
Notejoy None
Notion None 26.2.1 FALSE
nteract 11.5.0 TRUE
NubiDo None
nuclear ^12.1.0 TRUE
Nuclide None
nxshell None
Obsidian None 25.8.1 FALSE
octopi-init 2.0.8 TRUE
ODrive None
OhHai Browser ^8.2.5 TRUE
One Copy None
Open Log Viewer None
Open Stage Control None
OpenBazaar None
OpenComic None
Oversetter ^7.1.9 TRUE
P3X OneNote ^25.8.2 FALSE
P3X Redis UI ^26.1.0 TRUE
PamFax None
Panda 2 None
PanWriter ^22.0.0 TRUE
PaperArxiv None
PaperCubes None
Papyrus None
Parsify Desktop None
Particle Dev None
passky ^22.1.0 TRUE
Patchwork ^11.3.0 TRUE
Paymo Time Tracker None
Peacock None
PeerShare None
Pencil 16.0.0 TRUE
Pennywise None
Petal None
Phiewer None
PhonePresenter None
Photo Viewer None
PhotoScreenSaver None
Pic Crop None
Picturama ~11.1.0 TRUE
PileMd None
PiTV 22.0.0 TRUE
Playback None
PlayCode None
Pocket Server None
Poddycast None
poi ^24.2.0 TRUE
Polypane None 26.2.4 FALSE
pomodoro-logger None
Pomolectron None
Pomotroid ^11.0.1 TRUE
PopSQL None
Postbird None
Postman None 18.3.5 TRUE
Pragli None
PreMiD 11.3.0 TRUE
Preserver None None
PrettyEarth ^15.0.0 TRUE
PrexView None
Primate ^22.0.3 TRUE
primitive.nextgen None
ProDoctor Medicamentos None
Proposales None
ProtegoPDF None
Protoman None
ProtoPie None
Pullp None
Puppetry ^12.0.6 TRUE
Putler None
Qawl ^10.2.0 TRUE
qikQR None
Quail None
Quark ^6.1.9 TRUE
Quba E-Invoice Viewer 20.0.0 TRUE
QuickBooks None
QuickRedis 15.5.5 TRUE
r2e-todoworks None
R6RC ^9.1.0 TRUE
Radio 50/50 Player None
Raider for Instagram
Rainbow Board ^12.0.1 TRUE
Rambox 13.6.3 TRUE
Raven Reader None
raycho None
Reach Podcast Player None
React-Explorer None
Rebaslight ^23.1.0 TRUE
Recode Converter ^11.5.0 TRUE
Redis GUI (unofficial) 19.1.9 TRUE
Remaining Time None
Remember None
Remind None
RemSupp None
RenderTune 11.3.0 TRUE
Repic None
ReqView None
Responsively App
Responsivize ^12.0.7 TRUE
Reversee None
Ride Receipts ^9.0.4 TRUE
Riot ^26.2.1 FALSE
rmclient None
Rocket.Chat None
RunJS None
RStudio 26.2.4 FALSE
Saadhn None
Scratch For Discord ^19.0.8 TRUE
ScreenCat None
SeaPig ^7.0.0 TRUE
Sejda PDF Desktop None ^7.0.0 TRUE
Sencha Architect None
Sencha Inspector None
Sencha Test None
Sencha Themer None
SEOBrowse ^9.0.0 TRUE
Serene App None
Serina ^24.2.0 TRUE
Ses None
sFTP Client None
shadowsocks-electron None
Shapespark None
sheepChat None
Shift None
Shuttle None
Signal 25.8.1 FALSE
Silex website builder 10.1.5 TRUE
Simpico None
Simple-Finder None
SimpleInstaBot ^19.1.8 TRUE
Simplenote 12.0.5 TRUE
Singlebox 18.0.1 TRUE
Sizzy None
Skype None
Slack None 26.2.1 FALSE
Slapdash None
sleek None
Smallpdf None
SnailFM 25.8.1 FALSE
SnipAway None
SnipCommand None
Snipline None
Snippet Store ^7.3.3 TRUE
SnowyOwl None
Social Amnesia None
Socially ^12.0.2 TRUE
Sofia None
Somiibo None
SongRiffer None
Sononym None
Soundboard None
Soundglass None
Soundnode ^8.0.1 TRUE
Source Me None
SpaceEye ~9.2.0 TRUE
SparkChess None
SpinShare Client 12.2.3 TRUE
Splice None
SportFX Studio None
SpotSpot None
Spreaker Studio None
Sqlectron ^12.0.1 TRUE
sqlui-native ^20.2.0 TRUE
Stack None
stacker ^22.3.24 FALSE
Stacks None
Standard Notes 17.4.2 TRUE
Standup Picker ^16.0.7 TRUE
Station None
stay-hydrated None
SteelSeries Engine 3 None 23.1.3 TRUE
StickyNotes None
Stinker ^11.4.11 TRUE
Stockifier None
Stopawu None
StopLight None
Storaji None
StreamBop 25.8.1 FALSE
Streamlabs Desktop 17.4.11 TRUE
Street View Download 360 None
StudioTrans None
StudyMD None
Sturdy 19.0.0-alpha.3 TRUE
Subordination None
Subtitler ^8 TRUE
Super Productivity ^23.3.13 TRUE
Superpowers — HTML5 2D+3D game maker None
Superscript None
Svgsus None
Swifty None
Swit None
Switch ^7.0.0-beta.6 TRUE
SwitchHosts 24.8.3 FALSE
Symphony ^26.2.1 FALSE
Synap None
T.Viewer None
Tabby None
Tabby Terminal ^25.3.0 TRUE
TagFlow None
TagSpaces 25.1.1 TRUE
Taskade None
Taskana 24.1.2 TRUE
TEA Ebook None
Teleios Bible None
Ten Hands
Tèsèvè 1.2.1 TRUE
Tess None
TestCafe Studio None
Testrec None
texpaste None
TextureLab ^13.0.0 TRUE
The Poker Timer None
themebuilder None
ThisMyPC None
Thorium Reader ^25.5.0 TRUE
Threema For Desktop None
ThunderDocs None
TidGi None
Tilde None
Tiliq None
Time Series Admin 8.5.2 TRUE
Time Zone Converter and World Clock None
timeBuzzer None
Timetable None
To Do ^11.1.1 TRUE
todometer ^22.0.2 TRUE
Tofino None
tonfotos None
Top Browser
Tough Cookies None
Trackabi Time Tracker
TrackingTime None
Transee ^18.0.1 TRUE
Translation Editor
Translatium 16.1.0 TRUE
Trello None
TriCo None
Trilium Notes None
Trivia Desktop None
Tropy ^26.1.0 TRUE
Trym None
ttth None
Turbo Download Manager None
Tusk 6.0.11 TRUE
Tutti Quanti Shelf None
TweakStyle None
Tweeten None
Twinkle Tray ^20.3.6 TRUE
Twitch None
Typetalk None
Tzared None
U Stair ^9.3.4 TRUE
ueli ^26.2.1 FALSE
UMLBoard None
Unfx Proxy Checker ^20.1.4 TRUE
Unicopedia Plus None
Unicopedia Sinica None
Unofficial Desktop Client for Google Assistant None
Unofficial Google Chat App None
Unofficial Zalo None
Upcount ^10.2.0 TRUE
uPhone None
Utilso None
Vade Mecum Shelf None
Vagrant Manager None
Vectr None
Vershd None
Video Hub App None
Video Player None
Vikunja 26.2.3 TRUE
Visual Family Tree
Visual Studio Code 25.8.2 FALSE
VK Messenger None
Voice Notifies None
VoIPstudio None
Vrap None
Vue Calc None
VuPC None
Waifu2x GUI None
Waiterio Restaurant POS None
Wakefy None
Walling None
Wanna Class None
Waqt None
Wayward None
Web Net
Web Toolbox None
WebCatalog None
Webkiosk-Wrapper None
WebKitty ^17.1.0 TRUE
WebTorrent 15.5.7 TRUE
WeekToDo None
WeFlow None
WeightHub None
Weltenschaft None
Wexond None
Whale None
WhatsApp None
Wildlink None
WizardMirror ^6.0.2 TRUE
wnr 22.3.18 TRUE
WordMark None
WordofTheHour None
WordPress None
WorkPuls None
World History AP None
WoW Stat None
XMind ZEN None
Xuanxuan IM None
y2mp3 None
yana ^10.1.1 TRUE
Yet-Another-Gitbook-Reader None
Yoheim None
Yout None
Youtube Music for Desktop (Unofficial) ^20.3.3 TRUE
YTMDesktop App ^11.4.9 TRUE
Zap 9.4.4 TRUE
Zector None
Zello None
Zeplin None
Zerabase None
Zettlr ^25.8.1 FALSE
zonote None
Zoommy None
Zulip ^25.8.1 FALSE
白前 None

MongoDB Compass 1.39.4 updated to Electron 24.8.2


@ChrisRobb93, added, thank you!


cmitasch commented Sep 29, 2023


I've just checked "3CX Desktop App" Version:18.10.461.
$ strings 3CXDesktopApp.exe |grep '^Chrome/[0-9.]* Electron/[0-9]'
Chrome/102.0.5005.148 Electron/19.0.8

And the latest version:
3CXDesktopApp/app-18.13.959$ strings 3CXDesktopApp.exe |grep '^Chrome/[0-9.]* Electron/[0-9]'
Chrome/112.0.5615.165 Electron/24.3.0

How can I verify if it's vulnerable?



The patched (fixed) versions of Electron are

Electron v22.3.24, v24.8.3, v25.8.1 - released September 13 and fixes CVE-2023-4863 as well as CVE-2023-4763, CVE-2023-4762, and CVE-2023-4761


mttaggart commented Sep 29, 2023 via email


Cytraen commented Sep 30, 2023

Fixed in Bitwarden Desktop since v2023.8.4.
Latest (v2023.9.1) is on Electron v24.8.5


mfhepp commented Oct 1, 2023

Just wanted to stress that there are currently two zero-day exploits related to Electron, one caused by libwebp described in CVE-2023-4863, and an additional one from CVE-2023-5217 in libvpx.

While the core libwebp issue might have been addressed by Electron 25.8.1, CVE-2023-5217 was only fixed in Electron 25.8.4 or Electron 26.2.4.

So to mitigate both risks, the Electron version must be >= 25.8.4 or >= 26.2.4. 26.2.1 fixes the libwebp issue, but not the libvpx one.
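
Added example (not part of the gist or of any commenter's post): a Python check that pulls the `Chrome/… Electron/…` marker out of a binary, as the `strings | grep` command earlier in the thread does, and compares it with the fixed releases quoted in the comments. The function names, status labels and sample bytes are constructed for illustration.

```python
import re

# Fixed Electron releases as quoted in the comments above, per major line.
# Majors the thread does not mention are reported as "no-fix-listed", not guessed.
FIXED = {
    "CVE-2023-4863": {22: (22, 3, 24), 24: (24, 8, 3), 25: (25, 8, 1), 26: (26, 2, 1)},
    "CVE-2023-5217": {25: (25, 8, 4), 26: (26, 2, 4)},
}

# Same marker the `strings | grep` one-liner in the thread matches on.
MARKER = re.compile(rb"Chrome/[0-9.]+ Electron/([0-9]+\.[0-9]+\.[0-9]+(?:-[0-9A-Za-z.]+)?)")
VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?$")


def electron_version_from_binary(data: bytes):
    """Return the bundled Electron version string found in raw bytes, or None."""
    m = MARKER.search(data)
    return m.group(1).decode("ascii") if m else None


def parse(version: str):
    """'25.8.1' -> (25, 8, 1, 1); a pre-release tag sorts below the release (last field 0)."""
    m = VERSION.match(version.strip())
    if not m:
        raise ValueError(f"not an exact Electron version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor, patch, 0 if m.group(4) else 1)


def classify(version: str):
    """Map each CVE to 'patched', 'vulnerable' or 'no-fix-listed' for one version."""
    parsed = parse(version)
    result = {}
    for cve, lines in FIXED.items():
        fixed = lines.get(parsed[0])
        if fixed is None:
            result[cve] = "no-fix-listed"
        else:
            result[cve] = "patched" if parsed >= fixed + (1,) else "vulnerable"
    return result


# Constructed sample: bytes shaped like the marker in the 3CX output quoted above.
SAMPLE = b"\x00\x01junk\x00Chrome/112.0.5615.165 Electron/24.3.0\x00more"

if __name__ == "__main__":
    found = electron_version_from_binary(SAMPLE)
    print(found, classify(found))
```

`no-fix-listed` means the thread names no fixed release for that major line, so the version cannot be cleared from this data alone. Range specifiers from `package.json` such as `^25.8.1` are rejected on purpose, because they state a floor and not the version actually shipped.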


mttaggart commented Oct 1, 2023 via email


@tauheedali Great find! Added in the latest version.


mfhepp commented Oct 2, 2023

This tracker is listed as for CVE-2023-4863 explicitly, but that's a good clarification.

Thanks! As the two CVEs are both creating the need to identify apps with an outdated Electron version, and are both via injected HTML + media content: Would you consider adding "and CVE-2023-5217" to the title?

There is a huge demand for your list and for identifying apps with Electron inside, and two separate lists seem like an overkill given the short distance between the required Electron updates.


@mfhepp So right now, this CSV is being manually updated from the "authoritative" list here:

But I wanna do some work today to make this a bit easier. The result may be a separate resource, but one that can be more easily updated.


barmac commented Oct 3, 2023

Fixed in Camunda Modeler v5.12.2. I'll create a PR with an update in the repository linked in the Google Spreadsheet.


Attention all: this list is now deprecated. Please visit for the latest data.


carlbray commented Oct 4, 2023

MongoDB Compass 1.39.4 updated to Electron 24.8.2 doesn't quote CVE-2023-4863 as being fixed however?

Only the following:


mttaggart commented Oct 4, 2023 via email
