Security Advisories

Security advisories for ToDesktop products

This page lists security advisories for ToDesktop Builder and ToDesktop for Electron (CLI). Each advisory includes details about the vulnerability, affected versions, and remediation steps.

Report a vulnerability | Security overview

Security Advisories 2026

No advisories for 2026

Security Advisories 2025
Critical TDSA-2025-001 CVE-2025-67229

Improper Certificate Validation Allows Response Spoofing

ToDesktop Builder | Affected: ToDesktop Builder before 0.32.1
High TDSA-2025-002 CVE-2025-67230

Improper Permissions in Custom URL Scheme Handler

ToDesktop Builder | Affected: ToDesktop Builder before 0.33.0
Medium TDSA-2025-003 CVE-2025-67231

Reflected Cross-Site Scripting (XSS) Vulnerability

ToDesktop Builder | Affected: ToDesktop Builder before 0.33.1
Security Advisories 2024
Critical TDSA-2024-001 CVE-2025-27554

Build Server Command Execution via postinstall Script

ToDesktop for Electron (CLI) | Affected: ToDesktop for Electron before 2024-10-03