Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40ckeditor/ckeditor5-list@19.0.0
Typenpm
Namespace@ckeditor
Nameckeditor5-list
Version19.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version27.0.0
Latest_non_vulnerable_version27.0.0
Affected_by_vulnerabilities
0
url VCID-y831-gekf-cqh6
vulnerability_id VCID-y831-gekf-cqh6
summary 
Regular expression Denial of Service in multiple packages
### Impact
A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 packages listed above at version <= 26.0.0.

### Patches
The problem has been recognized and patched. The fix will be available in version 27.0.0.

### For more information
Email us at security@cksource.com if you have any questions or comments about this advisory.

### Acknowledgements
The CKEditor 5 team would like to thank Yeting Li for recognizing and reporting these vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21391
reference_id
reference_type
scores
0
value 0.08303
scoring_system epss
scoring_elements 0.92226
published_at 2026-04-01T12:55:00Z
1
value 0.08303
scoring_system epss
scoring_elements 0.92277
published_at 2026-04-24T12:55:00Z
2
value 0.08303
scoring_system epss
scoring_elements 0.92271
published_at 2026-04-18T12:55:00Z
3
value 0.08303
scoring_system epss
scoring_elements 0.92272
published_at 2026-04-21T12:55:00Z
4
value 0.08303
scoring_system epss
scoring_elements 0.92241
published_at 2026-04-07T12:55:00Z
5
value 0.08303
scoring_system epss
scoring_elements 0.92238
published_at 2026-04-04T12:55:00Z
6
value 0.08303
scoring_system epss
scoring_elements 0.92233
published_at 2026-04-02T12:55:00Z
7
value 0.08303
scoring_system epss
scoring_elements 0.9226
published_at 2026-04-13T12:55:00Z
8
value 0.08303
scoring_system epss
scoring_elements 0.92263
published_at 2026-04-12T12:55:00Z
9
value 0.08303
scoring_system epss
scoring_elements 0.92262
published_at 2026-04-11T12:55:00Z
10
value 0.08303
scoring_system epss
scoring_elements 0.92256
published_at 2026-04-09T12:55:00Z
11
value 0.08303
scoring_system epss
scoring_elements 0.92252
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21391
1
reference_url https://github.com/ckeditor/ckeditor5/releases/tag/v27.0.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor5/releases/tag/v27.0.0
2
reference_url https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21391
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21391
4
reference_url https://www.npmjs.com/package/@ckeditor/ckeditor5-engine
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@ckeditor/ckeditor5-engine
5
reference_url https://www.npmjs.com/package/@ckeditor/ckeditor5-font
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@ckeditor/ckeditor5-font
6
reference_url https://www.npmjs.com/package/@ckeditor/ckeditor5-image
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@ckeditor/ckeditor5-image
7
reference_url https://www.npmjs.com/package/@ckeditor/ckeditor5-list
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@ckeditor/ckeditor5-list
8
reference_url https://www.npmjs.com/package/@ckeditor/ckeditor5-markdown-gfm
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@ckeditor/ckeditor5-markdown-gfm
9
reference_url https://www.npmjs.com/package/@ckeditor/ckeditor5-media-embed
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@ckeditor/ckeditor5-media-embed
10
reference_url https://www.npmjs.com/package/@ckeditor/ckeditor5-paste-from-office
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@ckeditor/ckeditor5-paste-from-office
11
reference_url https://www.npmjs.com/package/@ckeditor/ckeditor5-widget
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@ckeditor/ckeditor5-widget
12
reference_url https://github.com/advisories/GHSA-3rh3-wfr4-76mj
reference_id GHSA-3rh3-wfr4-76mj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3rh3-wfr4-76mj
fixed_packages
0
url pkg:npm/%40ckeditor/ckeditor5-list@27.0.0
purl pkg:npm/%40ckeditor/ckeditor5-list@27.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-list@27.0.0
aliases CVE-2021-21391, GHSA-3rh3-wfr4-76mj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y831-gekf-cqh6
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-list@19.0.0