Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/ckeditor@4.12.0
Typenpm
Namespace
Nameckeditor
Version4.12.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-2mmd-x6ge-fuaw
vulnerability_id VCID-2mmd-x6ge-fuaw
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28439
reference_id
reference_type
scores
0
value 0.0054
scoring_system epss
scoring_elements 0.6802
published_at 2026-06-06T12:55:00Z
1
value 0.0054
scoring_system epss
scoring_elements 0.68009
published_at 2026-06-07T12:55:00Z
2
value 0.0054
scoring_system epss
scoring_elements 0.68012
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28439
1
reference_url https://ckeditor.com/cke4/addon/embed
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://ckeditor.com/cke4/addon/embed
2
reference_url https://ckeditor.com/cke4/addon/iframe
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://ckeditor.com/cke4/addon/iframe
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034481
reference_id 1034481
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034481
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059301
reference_id 1059301
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059301
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28439
reference_id CVE-2023-28439
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-28439
7
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
reference_id GHSA-vh5c-xwqv-cv9g
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/
reference_id GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/
reference_id L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/
10
reference_url https://usn.ubuntu.com/7258-1/
reference_id USN-7258-1
reference_type
scores
url https://usn.ubuntu.com/7258-1/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/
reference_id VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/
fixed_packages
aliases CVE-2023-28439, GHSA-vh5c-xwqv-cv9g
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mmd-x6ge-fuaw
1
url VCID-2nbt-ysxu-d3bu
vulnerability_id VCID-2nbt-ysxu-d3bu
summary 
Improper Input Validation
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26271
reference_id
reference_type
scores
0
value 0.00617
scoring_system epss
scoring_elements 0.70362
published_at 2026-06-05T12:55:00Z
1
value 0.00617
scoring_system epss
scoring_elements 0.7037
published_at 2026-06-06T12:55:00Z
2
value 0.00617
scoring_system epss
scoring_elements 0.7032
published_at 2026-06-04T12:55:00Z
3
value 0.00617
scoring_system epss
scoring_elements 0.70353
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26271
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24729
reference_id
reference_type
scores
0
value 0.01115
scoring_system epss
scoring_elements 0.78532
published_at 2026-06-04T12:55:00Z
1
value 0.01115
scoring_system epss
scoring_elements 0.78557
published_at 2026-06-07T12:55:00Z
2
value 0.01115
scoring_system epss
scoring_elements 0.78566
published_at 2026-06-06T12:55:00Z
3
value 0.01115
scoring_system epss
scoring_elements 0.78558
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24729
2
reference_url https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
reference_id
reference_type
scores
url https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
3
reference_url https://ckeditor.com/cke4/release/CKEditor-4.18.0
reference_id
reference_type
scores
url https://ckeditor.com/cke4/release/CKEditor-4.18.0
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729
6
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
7
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
8
reference_url https://github.com/ckeditor/ckeditor4/blob/master/CHANGES.md#ckeditor-416
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/master/CHANGES.md#ckeditor-416
9
reference_url https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
10
reference_url https://www.drupal.org/sa-core-2022-005
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2022-005
11
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
12
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
reference_id 982587
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-26271
reference_id CVE-2021-26271
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-26271
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24729
reference_id CVE-2022-24729
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24729
16
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
reference_id GHSA-f6rf-9m92-x2hh
reference_type
scores
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
17
reference_url https://github.com/advisories/GHSA-jv4c-7jqq-m34x
reference_id GHSA-jv4c-7jqq-m34x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jv4c-7jqq-m34x
fixed_packages
0
url pkg:npm/ckeditor@4.16.0
purl pkg:npm/ckeditor@4.16.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor@4.16.0
1
url pkg:npm/ckeditor@4.18.0
purl pkg:npm/ckeditor@4.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor@4.18.0
aliases CVE-2021-26271, CVE-2022-24729, GHSA-f6rf-9m92-x2hh, GHSA-jv4c-7jqq-m34x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nbt-ysxu-d3bu
2
url VCID-fm9y-ujc1-qbaq
vulnerability_id VCID-fm9y-ujc1-qbaq
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24728
reference_id
reference_type
scores
0
value 0.00994
scoring_system epss
scoring_elements 0.77271
published_at 2026-06-04T12:55:00Z
1
value 0.00994
scoring_system epss
scoring_elements 0.773
published_at 2026-06-07T12:55:00Z
2
value 0.00994
scoring_system epss
scoring_elements 0.77311
published_at 2026-06-06T12:55:00Z
3
value 0.00994
scoring_system epss
scoring_elements 0.77301
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24728
1
reference_url https://ckeditor.com/cke4/release/CKEditor-4.18.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://ckeditor.com/cke4/release/CKEditor-4.18.0
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728
3
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
4
reference_url https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
9
reference_url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4
10
reference_url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/
reference_id
reference_type
scores
url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/
11
reference_url https://www.drupal.org/sa-core-2022-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://www.drupal.org/sa-core-2022-005
12
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24728
reference_id CVE-2022-24728
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24728
15
reference_url https://github.com/advisories/GHSA-4fc4-4p5g-6w89
reference_id GHSA-4fc4-4p5g-6w89
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fc4-4p5g-6w89
16
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
reference_id GHSA-4fc4-4p5g-6w89
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
17
reference_url https://usn.ubuntu.com/7258-1/
reference_id USN-7258-1
reference_type
scores
url https://usn.ubuntu.com/7258-1/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
fixed_packages
aliases CVE-2022-24728, GHSA-4fc4-4p5g-6w89
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fm9y-ujc1-qbaq
3
url VCID-jwb5-yddw-7yc7
vulnerability_id VCID-jwb5-yddw-7yc7
summary 
Code Injection
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32809
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.4679
published_at 2026-06-06T12:55:00Z
1
value 0.00236
scoring_system epss
scoring_elements 0.46721
published_at 2026-06-04T12:55:00Z
2
value 0.00236
scoring_system epss
scoring_elements 0.46772
published_at 2026-06-07T12:55:00Z
3
value 0.00236
scoring_system epss
scoring_elements 0.46787
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32809
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32809
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements
1
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992291
reference_id 992291
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992291
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32809
reference_id CVE-2021-32809
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32809
14
reference_url https://github.com/advisories/GHSA-7889-rm5j-hpgg
reference_id GHSA-7889-rm5j-hpgg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7889-rm5j-hpgg
15
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
16
reference_url https://usn.ubuntu.com/USN-5340-2/
reference_id USN-USN-5340-2
reference_type
scores
url https://usn.ubuntu.com/USN-5340-2/
fixed_packages
0
url pkg:npm/ckeditor@4.16.2
purl pkg:npm/ckeditor@4.16.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor@4.16.2
aliases CVE-2021-32809, GHSA-7889-rm5j-hpgg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwb5-yddw-7yc7
4
url VCID-mevr-4wd2-gkch
vulnerability_id VCID-mevr-4wd2-gkch
summary 
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
It was possible to execute a ReDoS-type attack inside CKEditor 4 before
4.16 by persuading a victim to paste crafted URL-like text into the editor, and
then press Enter or Space (in the Autolink plugin).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26272
reference_id
reference_type
scores
0
value 0.00502
scoring_system epss
scoring_elements 0.66381
published_at 2026-06-04T12:55:00Z
1
value 0.00502
scoring_system epss
scoring_elements 0.66414
published_at 2026-06-07T12:55:00Z
2
value 0.00502
scoring_system epss
scoring_elements 0.6643
published_at 2026-06-06T12:55:00Z
3
value 0.00502
scoring_system epss
scoring_elements 0.66422
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26272
1
reference_url https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272
3
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
4
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
5
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
6
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
7
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
reference_id 982587
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-26272
reference_id CVE-2021-26272
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-26272
10
reference_url https://github.com/advisories/GHSA-wpvm-wqr4-p7cw
reference_id GHSA-wpvm-wqr4-p7cw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpvm-wqr4-p7cw
fixed_packages
0
url pkg:npm/ckeditor@4.16.0
purl pkg:npm/ckeditor@4.16.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor@4.16.0
aliases CVE-2021-26272, GHSA-wpvm-wqr4-p7cw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mevr-4wd2-gkch
5
url VCID-x4h6-xdj1-ebeu
vulnerability_id VCID-x4h6-xdj1-ebeu
summary 
Cross-site Scripting
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at The problem has been recognized and patched.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37695
reference_id
reference_type
scores
0
value 0.0074
scoring_system epss
scoring_elements 0.73283
published_at 2026-06-04T12:55:00Z
1
value 0.0074
scoring_system epss
scoring_elements 0.73311
published_at 2026-06-07T12:55:00Z
2
value 0.0074
scoring_system epss
scoring_elements 0.73325
published_at 2026-06-06T12:55:00Z
3
value 0.0074
scoring_system epss
scoring_elements 0.73319
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37695
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37695
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37695
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
4
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
5
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992290
reference_id 992290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992290
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37695
reference_id CVE-2021-37695
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37695
16
reference_url https://github.com/advisories/GHSA-m94c-37g6-cjhc
reference_id GHSA-m94c-37g6-cjhc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m94c-37g6-cjhc
17
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
18
reference_url https://usn.ubuntu.com/USN-5340-2/
reference_id USN-USN-5340-2
reference_type
scores
url https://usn.ubuntu.com/USN-5340-2/
fixed_packages
0
url pkg:npm/ckeditor@4.16.2
purl pkg:npm/ckeditor@4.16.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor@4.16.2
aliases CVE-2021-37695, GHSA-m94c-37g6-cjhc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4h6-xdj1-ebeu
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/ckeditor@4.12.0