pkg:npm/electerm

All known vulnerabilities

• CRITICAL9.8CVE-2026-43940Electerm runWidget has a path traversal that leads to arbitrary code execution
  from 0, < 3.7.16
• CRITICAL9.8CVE-2026-41501electerm has Command Injection via runLinux funtion
  from 0, < 3.3.8
• CRITICAL9.8CVE-2026-41500electerm: electerm_install_script_CommandInjection Vulnerability Report
  from 0, < 3.3.8
• CRITICAL9.8electerm allows unauthorized users to execute arbitrary commands
  from 0, <= 1.3.22
• CRITICAL9.6Electerm users can run dangrous code through link or command line
  >= 3.0.6, < 3.8.8
• HIGH8.8Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor
  from 0, < 3.7.9
• HIGH8.8Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click
  from 0, <= 3.8.15
• MEDIUM6.5Electerm's full process.env exposed to renderer via window.pre.env
  from 0, <= 3.8.15
• —electerm's encrypt method not safe enough
  from 0, < 3.9.5
• —Electerm Local code through electerm's single-instance socket
  >= 3.0.6, < 3.9.0
• —Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark
  from 0, <= 3.8.8