Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/ckeditor@5.1.1
Typegem
Namespace
Nameckeditor
Version5.1.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-4x92-vapt-n7dz
vulnerability_id VCID-4x92-vapt-n7dz
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at The problem has been recognized and patched.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41165
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30422
published_at 2026-04-08T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.3026
published_at 2026-04-24T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30321
published_at 2026-04-21T12:55:00Z
3
value 0.00117
scoring_system epss
scoring_elements 0.30478
published_at 2026-04-01T12:55:00Z
4
value 0.00117
scoring_system epss
scoring_elements 0.30364
published_at 2026-04-18T12:55:00Z
5
value 0.00117
scoring_system epss
scoring_elements 0.30384
published_at 2026-04-16T12:55:00Z
6
value 0.00117
scoring_system epss
scoring_elements 0.30366
published_at 2026-04-13T12:55:00Z
7
value 0.00117
scoring_system epss
scoring_elements 0.30415
published_at 2026-04-12T12:55:00Z
8
value 0.00117
scoring_system epss
scoring_elements 0.30506
published_at 2026-04-02T12:55:00Z
9
value 0.00117
scoring_system epss
scoring_elements 0.30552
published_at 2026-04-04T12:55:00Z
10
value 0.00117
scoring_system epss
scoring_elements 0.30362
published_at 2026-04-07T12:55:00Z
11
value 0.00117
scoring_system epss
scoring_elements 0.30459
published_at 2026-04-11T12:55:00Z
12
value 0.00117
scoring_system epss
scoring_elements 0.30456
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41165
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
4
reference_url https://www.drupal.org/sa-core-2021-011
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-011
5
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
6
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
7
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id 999909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
10
reference_url https://security.archlinux.org/AVG-2565
reference_id AVG-2565
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2565
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41165
reference_id CVE-2021-41165
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41165
12
reference_url https://github.com/advisories/GHSA-7h26-63m7-qhf2
reference_id GHSA-7h26-63m7-qhf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h26-63m7-qhf2
13
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
reference_id GHSA-7h26-63m7-qhf2
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
fixed_packages
aliases CVE-2021-41165, GHSA-7h26-63m7-qhf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x92-vapt-n7dz
1
url VCID-8hvk-a5es-v3e4
vulnerability_id VCID-8hvk-a5es-v3e4
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41164
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.22953
published_at 2026-04-02T12:55:00Z
1
value 0.00076
scoring_system epss
scoring_elements 0.22647
published_at 2026-04-24T12:55:00Z
2
value 0.00076
scoring_system epss
scoring_elements 0.22811
published_at 2026-04-21T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22851
published_at 2026-04-18T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.22857
published_at 2026-04-16T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.22843
published_at 2026-04-13T12:55:00Z
6
value 0.00076
scoring_system epss
scoring_elements 0.229
published_at 2026-04-12T12:55:00Z
7
value 0.00076
scoring_system epss
scoring_elements 0.22936
published_at 2026-04-11T12:55:00Z
8
value 0.00076
scoring_system epss
scoring_elements 0.22916
published_at 2026-04-09T12:55:00Z
9
value 0.00076
scoring_system epss
scoring_elements 0.22863
published_at 2026-04-08T12:55:00Z
10
value 0.00076
scoring_system epss
scoring_elements 0.22789
published_at 2026-04-07T12:55:00Z
11
value 0.00076
scoring_system epss
scoring_elements 0.22997
published_at 2026-04-04T12:55:00Z
12
value 0.00076
scoring_system epss
scoring_elements 0.22783
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41164
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
8
reference_url https://www.drupal.org/sa-core-2021-011
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-011
9
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id 999909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
13
reference_url https://security.archlinux.org/AVG-2565
reference_id AVG-2565
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2565
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41164
reference_id CVE-2021-41164
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41164
15
reference_url https://github.com/advisories/GHSA-pvmx-g8h5-cprj
reference_id GHSA-pvmx-g8h5-cprj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pvmx-g8h5-cprj
16
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj
reference_id GHSA-pvmx-g8h5-cprj
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj
fixed_packages
aliases CVE-2021-41164, GHSA-pvmx-g8h5-cprj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8hvk-a5es-v3e4
2
url VCID-s8u8-xbdk-87dj
vulnerability_id VCID-s8u8-xbdk-87dj
summary 
ckeditor4 vulnerable to cross-site scripting
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33829
reference_id
reference_type
scores
0
value 0.49674
scoring_system epss
scoring_elements 0.9779
published_at 2026-04-04T12:55:00Z
1
value 0.49674
scoring_system epss
scoring_elements 0.97813
published_at 2026-04-21T12:55:00Z
2
value 0.49674
scoring_system epss
scoring_elements 0.97814
published_at 2026-04-18T12:55:00Z
3
value 0.49674
scoring_system epss
scoring_elements 0.97812
published_at 2026-04-24T12:55:00Z
4
value 0.49674
scoring_system epss
scoring_elements 0.97806
published_at 2026-04-13T12:55:00Z
5
value 0.49674
scoring_system epss
scoring_elements 0.97805
published_at 2026-04-12T12:55:00Z
6
value 0.49674
scoring_system epss
scoring_elements 0.97803
published_at 2026-04-11T12:55:00Z
7
value 0.49674
scoring_system epss
scoring_elements 0.97782
published_at 2026-04-01T12:55:00Z
8
value 0.49674
scoring_system epss
scoring_elements 0.97788
published_at 2026-04-02T12:55:00Z
9
value 0.49674
scoring_system epss
scoring_elements 0.978
published_at 2026-04-09T12:55:00Z
10
value 0.49674
scoring_system epss
scoring_elements 0.97797
published_at 2026-04-08T12:55:00Z
11
value 0.49674
scoring_system epss
scoring_elements 0.97793
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33829
1
reference_url https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829
3
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33829
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33829
14
reference_url https://www.drupal.org/sa-core-2021-003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-003
15
reference_url https://www.npmjs.com/package/ckeditor4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/ckeditor4
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
17
reference_url https://security.archlinux.org/ASA-202106-35
reference_id ASA-202106-35
reference_type
scores
url https://security.archlinux.org/ASA-202106-35
18
reference_url https://security.archlinux.org/AVG-2069
reference_id AVG-2069
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2069
19
reference_url https://github.com/advisories/GHSA-rgx6-rjj4-c388
reference_id GHSA-rgx6-rjj4-c388
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rgx6-rjj4-c388
20
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
21
reference_url https://usn.ubuntu.com/USN-5340-2/
reference_id USN-USN-5340-2
reference_type
scores
url https://usn.ubuntu.com/USN-5340-2/
fixed_packages
aliases CVE-2021-33829, GHSA-rgx6-rjj4-c388
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8u8-xbdk-87dj
3
url VCID-un66-k85j-b7d2
vulnerability_id VCID-un66-k85j-b7d2
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24728
reference_id
reference_type
scores
0
value 0.00796
scoring_system epss
scoring_elements 0.73981
published_at 2026-04-09T12:55:00Z
1
value 0.00796
scoring_system epss
scoring_elements 0.73937
published_at 2026-04-02T12:55:00Z
2
value 0.00796
scoring_system epss
scoring_elements 0.73962
published_at 2026-04-04T12:55:00Z
3
value 0.00796
scoring_system epss
scoring_elements 0.73933
published_at 2026-04-07T12:55:00Z
4
value 0.00796
scoring_system epss
scoring_elements 0.73967
published_at 2026-04-08T12:55:00Z
5
value 0.00796
scoring_system epss
scoring_elements 0.73978
published_at 2026-04-13T12:55:00Z
6
value 0.00796
scoring_system epss
scoring_elements 0.73986
published_at 2026-04-12T12:55:00Z
7
value 0.00796
scoring_system epss
scoring_elements 0.74004
published_at 2026-04-11T12:55:00Z
8
value 0.01069
scoring_system epss
scoring_elements 0.77781
published_at 2026-04-24T12:55:00Z
9
value 0.01069
scoring_system epss
scoring_elements 0.77748
published_at 2026-04-21T12:55:00Z
10
value 0.01069
scoring_system epss
scoring_elements 0.77755
published_at 2026-04-18T12:55:00Z
11
value 0.01069
scoring_system epss
scoring_elements 0.77756
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24728
1
reference_url https://ckeditor.com/cke4/release/CKEditor-4.18.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://ckeditor.com/cke4/release/CKEditor-4.18.0
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728
3
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
4
reference_url https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
9
reference_url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4
10
reference_url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/
reference_id
reference_type
scores
url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/
11
reference_url https://www.drupal.org/sa-core-2022-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://www.drupal.org/sa-core-2022-005
12
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24728
reference_id CVE-2022-24728
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24728
15
reference_url https://github.com/advisories/GHSA-4fc4-4p5g-6w89
reference_id GHSA-4fc4-4p5g-6w89
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fc4-4p5g-6w89
16
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
reference_id GHSA-4fc4-4p5g-6w89
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
17
reference_url https://usn.ubuntu.com/7258-1/
reference_id USN-7258-1
reference_type
scores
url https://usn.ubuntu.com/7258-1/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
fixed_packages
aliases CVE-2022-24728, GHSA-4fc4-4p5g-6w89
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-un66-k85j-b7d2
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/ckeditor@5.1.1