Package Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
    "type": "deb",
    "namespace": "debian",
    "name": "ckeditor",
    "version": "4.19.1+dfsg-1",
    "qualifiers": {
        "distro": "sid"
    },
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "4.22.1+dfsg-1",
    "latest_non_vulnerable_version": "4.22.1+dfsg-1",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16848?format=api",
            "vulnerability_id": "VCID-k7qp-c6vp-sqbg",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28439",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0031",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54139",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.0031",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5411",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.0031",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54166",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.0031",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54115",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.0036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58204",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.0036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58221",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.0036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58238",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.0036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58214",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.0036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58194",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.0036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58226",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.0036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58229",
                            "published_at": "2026-04-18T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28439"
                },
                {
                    "reference_url": "https://ckeditor.com/cke4/addon/embed",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/"
                        }
                    ],
                    "url": "https://ckeditor.com/cke4/addon/embed"
                },
                {
                    "reference_url": "https://ckeditor.com/cke4/addon/iframe",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/"
                        }
                    ],
                    "url": "https://ckeditor.com/cke4/addon/iframe"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034481",
                    "reference_id": "1034481",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034481"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059301",
                    "reference_id": "1059301",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059301"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28439",
                    "reference_id": "CVE-2023-28439",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28439"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g",
                    "reference_id": "GHSA-vh5c-xwqv-cv9g",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/"
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/",
                    "reference_id": "GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/"
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/",
                    "reference_id": "L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/"
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/7258-1/",
                    "reference_id": "USN-7258-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/7258-1/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/",
                    "reference_id": "VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/"
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/921886?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2023-28439",
                "GHSA-vh5c-xwqv-cv9g"
            ],
            "risk_score": 2.1,
            "exploitability": "0.5",
            "weighted_severity": "4.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7qp-c6vp-sqbg"
        }
    ],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11029?format=api",
            "vulnerability_id": "VCID-17pr-6guy-53ge",
            "summary": "Cross-site Scripting\nckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at The problem has been recognized and patched. The fix will be available",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32808",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80213",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80241",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80238",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80236",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80156",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80163",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80182",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80171",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80199",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80208",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.01368",
                            "scoring_system": "epss",
                            "scoring_elements": "0.80227",
                            "published_at": "2026-04-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32808"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32808",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32808"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/releases/tag/4.16.2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/releases/tag/4.16.2"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992292",
                    "reference_id": "992292",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992292"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32808",
                    "reference_id": "CVE-2021-32808",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32808"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6226-h7ff-ch6c",
                    "reference_id": "GHSA-6226-h7ff-ch6c",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-6226-h7ff-ch6c"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/5340-1/",
                    "reference_id": "USN-5340-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/5340-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/921884?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.2%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.2%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2021-32808",
                "GHSA-6226-h7ff-ch6c"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17pr-6guy-53ge"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27329?format=api",
            "vulnerability_id": "VCID-3htn-j487-3ydn",
            "summary": "Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package\n### Impact\nDuring a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document.\n\nThis vulnerability affects only installations with [Real-time collaborative editing](https://ckeditor.com/docs/ckeditor5/latest/features/collaboration/real-time-collaboration/real-time-collaboration.html) enabled.\n\n### Patches\nThe problem has been recognized and patched. The fix will be available in version 44.2.1 (and above).\n\n### For more information\nEmail us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25299",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00348",
                            "scoring_system": "epss",
                            "scoring_elements": "0.57327",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00348",
                            "scoring_system": "epss",
                            "scoring_elements": "0.57376",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00348",
                            "scoring_system": "epss",
                            "scoring_elements": "0.57381",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00348",
                            "scoring_system": "epss",
                            "scoring_elements": "0.57355",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00348",
                            "scoring_system": "epss",
                            "scoring_elements": "0.57375",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00348",
                            "scoring_system": "epss",
                            "scoring_elements": "0.57395",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00348",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5738",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00348",
                            "scoring_system": "epss",
                            "scoring_elements": "0.57378",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00413",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6147",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00413",
                            "scoring_system": "epss",
                            "scoring_elements": "0.61498",
                            "published_at": "2026-04-04T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25299"
                },
                {
                    "reference_url": "https://ckeditor.com/docs/ckeditor5/latest/features/collaboration/real-time-collaboration/real-time-collaboration.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://ckeditor.com/docs/ckeditor5/latest/features/collaboration/real-time-collaboration/real-time-collaboration.html"
                },
                {
                    "reference_url": "https://ckeditor.com/docs/ckeditor5/latest/features/collaboration/real-time-collaboration/real-time-collaboration.html?docId=ee1dca024c9b4e44aef039f99ebe6c664",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://ckeditor.com/docs/ckeditor5/latest/features/collaboration/real-time-collaboration/real-time-collaboration.html?docId=ee1dca024c9b4e44aef039f99ebe6c664"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor5"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor5/releases/tag/v44.2.1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor5/releases/tag/v44.2.1"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-j3mm-wmfm-mwvh",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-j3mm-wmfm-mwvh"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25299",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25299"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j3mm-wmfm-mwvh",
                    "reference_id": "GHSA-j3mm-wmfm-mwvh",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-j3mm-wmfm-mwvh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/585026?format=api",
                    "purl": "pkg:deb/debian/ckeditor@0?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@0%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582803?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-17pr-6guy-53ge"
                        },
                        {
                            "vulnerability": "VCID-4x92-vapt-n7dz"
                        },
                        {
                            "vulnerability": "VCID-8hvk-a5es-v3e4"
                        },
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        },
                        {
                            "vulnerability": "VCID-sd2a-hmu2-wbax"
                        },
                        {
                            "vulnerability": "VCID-un66-k85j-b7d2"
                        },
                        {
                            "vulnerability": "VCID-vj35-jtgq-8qbv"
                        },
                        {
                            "vulnerability": "VCID-xhp7-kqdk-tfeu"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2025-25299",
                "GHSA-j3mm-wmfm-mwvh"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3htn-j487-3ydn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15972?format=api",
            "vulnerability_id": "VCID-3tqv-ppue-57fr",
            "summary": "CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover\n### Affected Packages\n\nThe issue impacts only editor instances with enabled [version notifications](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-versionCheck).\n\nPlease note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please [contact us](mailto:security@cksource.com).\n\n### Impact\n\nA theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. Although the vulnerability is purely hypothetical, we have addressed it in CKEditor 4.25.0-lts to ensure compliance with security best practices.\n\n### Patches\n\nThe issue has been recognized and patched. The fix is available in version 4.25.0-lts.\n\n### For More Information\n\nIf you have any questions or comments about this advisory, please email us at [security@cksource.com](mailto:security@cksource.com).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43411",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00077",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23192",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00077",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23025",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00077",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23236",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.0008",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23709",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.0008",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23766",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.0008",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2381",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.0008",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23749",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.0008",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23795",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.0008",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23688",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.0008",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2372",
                            "published_at": "2026-04-16T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43411"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/commit/b5069c9cb769ea22eae1cbd7200f22b1cf2e3a7f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:50:51Z/"
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/commit/b5069c9cb769ea22eae1cbd7200f22b1cf2e3a7f"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6v96-m24v-f58j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "3.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:50:51Z/"
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6v96-m24v-f58j"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43411",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43411"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6v96-m24v-f58j",
                    "reference_id": "GHSA-6v96-m24v-f58j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-6v96-m24v-f58j"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/7258-1/",
                    "reference_id": "USN-7258-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/7258-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/585026?format=api",
                    "purl": "pkg:deb/debian/ckeditor@0?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@0%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582803?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-17pr-6guy-53ge"
                        },
                        {
                            "vulnerability": "VCID-4x92-vapt-n7dz"
                        },
                        {
                            "vulnerability": "VCID-8hvk-a5es-v3e4"
                        },
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        },
                        {
                            "vulnerability": "VCID-sd2a-hmu2-wbax"
                        },
                        {
                            "vulnerability": "VCID-un66-k85j-b7d2"
                        },
                        {
                            "vulnerability": "VCID-vj35-jtgq-8qbv"
                        },
                        {
                            "vulnerability": "VCID-xhp7-kqdk-tfeu"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2024-43411",
                "GHSA-6v96-m24v-f58j"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tqv-ppue-57fr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11581?format=api",
            "vulnerability_id": "VCID-4x92-vapt-n7dz",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at The problem has been recognized and patched.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41165",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30422",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30321",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30364",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30478",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30384",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30366",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30415",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30459",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30506",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30552",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30362",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00117",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30456",
                            "published_at": "2026-04-09T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41165"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417"
                },
                {
                    "reference_url": "https://www.drupal.org/sa-core-2021-011",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.drupal.org/sa-core-2021-011"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217",
                    "reference_id": "1015217",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909",
                    "reference_id": "999909",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2565",
                    "reference_id": "AVG-2565",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Medium",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2565"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41165",
                    "reference_id": "CVE-2021-41165",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41165"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7h26-63m7-qhf2",
                    "reference_id": "GHSA-7h26-63m7-qhf2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7h26-63m7-qhf2"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2",
                    "reference_id": "GHSA-7h26-63m7-qhf2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/921885?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.0%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.0%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2021-41165",
                "GHSA-7h26-63m7-qhf2"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4x92-vapt-n7dz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11584?format=api",
            "vulnerability_id": "VCID-8hvk-a5es-v3e4",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41164",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22783",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22811",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22851",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22857",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22843",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.229",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22936",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22916",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22863",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22789",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22997",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00076",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22953",
                            "published_at": "2026-04-02T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41164"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/"
                },
                {
                    "reference_url": "https://www.drupal.org/sa-core-2021-011",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.drupal.org/sa-core-2021-011"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909",
                    "reference_id": "999909",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2565",
                    "reference_id": "AVG-2565",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Medium",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2565"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41164",
                    "reference_id": "CVE-2021-41164",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41164"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-pvmx-g8h5-cprj",
                    "reference_id": "GHSA-pvmx-g8h5-cprj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-pvmx-g8h5-cprj"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj",
                    "reference_id": "GHSA-pvmx-g8h5-cprj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/921885?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.0%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.0%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2021-41164",
                "GHSA-pvmx-g8h5-cprj"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hvk-a5es-v3e4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56687?format=api",
            "vulnerability_id": "VCID-c8r2-wpf3-47f9",
            "summary": "CKEditor 4 ReDoS Vulnerability\nIt was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26271",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69867",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69964",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69982",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69972",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69929",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69943",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69959",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69935",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69919",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69871",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69894",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00617",
                            "scoring_system": "epss",
                            "scoring_elements": "0.69879",
                            "published_at": "2026-04-02T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26271"
                },
                {
                    "reference_url": "https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26271",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26271"
                },
                {
                    "reference_url": "https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first"
                },
                {
                    "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587",
                    "reference_id": "982587",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jv4c-7jqq-m34x",
                    "reference_id": "GHSA-jv4c-7jqq-m34x",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-jv4c-7jqq-m34x"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/584723?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582803?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-17pr-6guy-53ge"
                        },
                        {
                            "vulnerability": "VCID-4x92-vapt-n7dz"
                        },
                        {
                            "vulnerability": "VCID-8hvk-a5es-v3e4"
                        },
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        },
                        {
                            "vulnerability": "VCID-sd2a-hmu2-wbax"
                        },
                        {
                            "vulnerability": "VCID-un66-k85j-b7d2"
                        },
                        {
                            "vulnerability": "VCID-vj35-jtgq-8qbv"
                        },
                        {
                            "vulnerability": "VCID-xhp7-kqdk-tfeu"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2021-26271",
                "GHSA-jv4c-7jqq-m34x"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8r2-wpf3-47f9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34364?format=api",
            "vulnerability_id": "VCID-h5zz-wz8f-2uf6",
            "summary": "Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4\nIt was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26272",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65943",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.66056",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.66068",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.66054",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.66018",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.66049",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.66061",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.66042",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6603",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6598",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.66014",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00502",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65985",
                            "published_at": "2026-04-02T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26272"
                },
                {
                    "reference_url": "https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26272",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26272"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                    "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587",
                    "reference_id": "982587",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wpvm-wqr4-p7cw",
                    "reference_id": "GHSA-wpvm-wqr4-p7cw",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-wpvm-wqr4-p7cw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/584723?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582803?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-17pr-6guy-53ge"
                        },
                        {
                            "vulnerability": "VCID-4x92-vapt-n7dz"
                        },
                        {
                            "vulnerability": "VCID-8hvk-a5es-v3e4"
                        },
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        },
                        {
                            "vulnerability": "VCID-sd2a-hmu2-wbax"
                        },
                        {
                            "vulnerability": "VCID-un66-k85j-b7d2"
                        },
                        {
                            "vulnerability": "VCID-vj35-jtgq-8qbv"
                        },
                        {
                            "vulnerability": "VCID-xhp7-kqdk-tfeu"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2021-26272",
                "GHSA-wpvm-wqr4-p7cw"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5zz-wz8f-2uf6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10049?format=api",
            "vulnerability_id": "VCID-qb4j-9tz7-m7a2",
            "summary": "Cross-site Scripting\nCKEditor allows user-assisted XSS involving a source-mode paste.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17960",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83783",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83808",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83806",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83773",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83777",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83706",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.8372",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83734",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83737",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83761",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.02024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.83767",
                            "published_at": "2026-04-09T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17960"
                },
                {
                    "reference_url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released"
                },
                {
                    "reference_url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"
                },
                {
                    "reference_url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17960",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17960"
                },
                {
                    "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-005",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-005"
                },
                {
                    "reference_url": "https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205"
                },
                {
                    "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217",
                    "reference_id": "1015217",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17960",
                    "reference_id": "CVE-2018-17960",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17960"
                },
                {
                    "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml",
                    "reference_id": "CVE-2018-17960.YAML",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml"
                },
                {
                    "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml",
                    "reference_id": "CVE-2018-17960.YAML",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g68x-vvqq-pvw3",
                    "reference_id": "GHSA-g68x-vvqq-pvw3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-g68x-vvqq-pvw3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/586115?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.11.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.11.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582803?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-17pr-6guy-53ge"
                        },
                        {
                            "vulnerability": "VCID-4x92-vapt-n7dz"
                        },
                        {
                            "vulnerability": "VCID-8hvk-a5es-v3e4"
                        },
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        },
                        {
                            "vulnerability": "VCID-sd2a-hmu2-wbax"
                        },
                        {
                            "vulnerability": "VCID-un66-k85j-b7d2"
                        },
                        {
                            "vulnerability": "VCID-vj35-jtgq-8qbv"
                        },
                        {
                            "vulnerability": "VCID-xhp7-kqdk-tfeu"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2018-17960",
                "GHSA-g68x-vvqq-pvw3"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qb4j-9tz7-m7a2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46066?format=api",
            "vulnerability_id": "VCID-s8u8-xbdk-87dj",
            "summary": "ckeditor4 vulnerable to cross-site scripting\nA cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33829",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.9779",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97813",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97814",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97812",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97806",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97805",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97803",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97782",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97788",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.978",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97797",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.49674",
                            "scoring_system": "epss",
                            "scoring_elements": "0.97793",
                            "published_at": "2026-04-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33829"
                },
                {
                    "reference_url": "https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4"
                },
                {
                    "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml"
                },
                {
                    "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml"
                },
                {
                    "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33829",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33829"
                },
                {
                    "reference_url": "https://www.drupal.org/sa-core-2021-003",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.drupal.org/sa-core-2021-003"
                },
                {
                    "reference_url": "https://www.npmjs.com/package/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.npmjs.com/package/ckeditor4"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217",
                    "reference_id": "1015217",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217"
                },
                {
                    "reference_url": "https://security.archlinux.org/ASA-202106-35",
                    "reference_id": "ASA-202106-35",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.archlinux.org/ASA-202106-35"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2069",
                    "reference_id": "AVG-2069",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2069"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rgx6-rjj4-c388",
                    "reference_id": "GHSA-rgx6-rjj4-c388",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rgx6-rjj4-c388"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/5340-1/",
                    "reference_id": "USN-5340-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/5340-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/USN-5340-2/",
                    "reference_id": "USN-USN-5340-2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/USN-5340-2/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582803?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-17pr-6guy-53ge"
                        },
                        {
                            "vulnerability": "VCID-4x92-vapt-n7dz"
                        },
                        {
                            "vulnerability": "VCID-8hvk-a5es-v3e4"
                        },
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        },
                        {
                            "vulnerability": "VCID-sd2a-hmu2-wbax"
                        },
                        {
                            "vulnerability": "VCID-un66-k85j-b7d2"
                        },
                        {
                            "vulnerability": "VCID-vj35-jtgq-8qbv"
                        },
                        {
                            "vulnerability": "VCID-xhp7-kqdk-tfeu"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2021-33829",
                "GHSA-rgx6-rjj4-c388"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8u8-xbdk-87dj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11030?format=api",
            "vulnerability_id": "VCID-sd2a-hmu2-wbax",
            "summary": "Code Injection\nckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32809",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00236",
                            "scoring_system": "epss",
                            "scoring_elements": "0.46583",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00236",
                            "scoring_system": "epss",
                            "scoring_elements": "0.46584",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00236",
                            "scoring_system": "epss",
                            "scoring_elements": "0.46637",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00236",
                            "scoring_system": "epss",
                            "scoring_elements": "0.4664",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00321",
                            "scoring_system": "epss",
                            "scoring_elements": "0.55075",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00321",
                            "scoring_system": "epss",
                            "scoring_elements": "0.55217",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00321",
                            "scoring_system": "epss",
                            "scoring_elements": "0.55236",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00321",
                            "scoring_system": "epss",
                            "scoring_elements": "0.552",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00321",
                            "scoring_system": "epss",
                            "scoring_elements": "0.55176",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00321",
                            "scoring_system": "epss",
                            "scoring_elements": "0.55224",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00321",
                            "scoring_system": "epss",
                            "scoring_elements": "0.55175",
                            "published_at": "2026-04-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32809"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32809",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32809"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992291",
                    "reference_id": "992291",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992291"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32809",
                    "reference_id": "CVE-2021-32809",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32809"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7889-rm5j-hpgg",
                    "reference_id": "GHSA-7889-rm5j-hpgg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7889-rm5j-hpgg"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/5340-1/",
                    "reference_id": "USN-5340-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/5340-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/USN-5340-2/",
                    "reference_id": "USN-USN-5340-2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/USN-5340-2/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/921884?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.2%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.2%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2021-32809",
                "GHSA-7889-rm5j-hpgg"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sd2a-hmu2-wbax"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15977?format=api",
            "vulnerability_id": "VCID-tkcr-ecev-k3af",
            "summary": "The Preview plugin in CKEditor allows Cross-site scripting (XSS)\nCross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
            "references": [
                {
                    "reference_url": "http://ckeditor.com/node/136981",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://ckeditor.com/node/136981"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5191",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53063",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53056",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53018",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53035",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5294",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53051",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.52965",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53002",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.52989",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53008",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.52957",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00296",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53045",
                            "published_at": "2026-04-21T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5191"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5191",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5191"
                },
                {
                    "reference_url": "http://secunia.com/advisories/60036",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://secunia.com/advisories/60036"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/commit/b685874c6bc873a76e6e95916c43840a2b7ab08a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/commit/b685874c6bc873a76e6e95916c43840a2b7ab08a"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4-releases",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4-releases"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/69161",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "http://www.securityfocus.com/bid/69161"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217",
                    "reference_id": "1015217",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760736",
                    "reference_id": "760736",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760736"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:*",
                    "reference_id": "cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:*",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:*"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ckeditor:ckeditor:4.4.0:*:*:*:*:*:*:*",
                    "reference_id": "cpe:2.3:a:ckeditor:ckeditor:4.4.0:*:*:*:*:*:*:*",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ckeditor:ckeditor:4.4.0:*:*:*:*:*:*:*"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ckeditor:ckeditor:4.4.1:*:*:*:*:*:*:*",
                    "reference_id": "cpe:2.3:a:ckeditor:ckeditor:4.4.1:*:*:*:*:*:*:*",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ckeditor:ckeditor:4.4.1:*:*:*:*:*:*:*"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5191",
                    "reference_id": "CVE-2014-5191",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv2",
                            "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5191"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v27h-j97p-wqmx",
                    "reference_id": "GHSA-v27h-j97p-wqmx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-v27h-j97p-wqmx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582802?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.4.4%2Bdfsg1-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.4.4%252Bdfsg1-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582803?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-17pr-6guy-53ge"
                        },
                        {
                            "vulnerability": "VCID-4x92-vapt-n7dz"
                        },
                        {
                            "vulnerability": "VCID-8hvk-a5es-v3e4"
                        },
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        },
                        {
                            "vulnerability": "VCID-sd2a-hmu2-wbax"
                        },
                        {
                            "vulnerability": "VCID-un66-k85j-b7d2"
                        },
                        {
                            "vulnerability": "VCID-vj35-jtgq-8qbv"
                        },
                        {
                            "vulnerability": "VCID-xhp7-kqdk-tfeu"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2014-5191",
                "GHSA-v27h-j97p-wqmx"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkcr-ecev-k3af"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13363?format=api",
            "vulnerability_id": "VCID-un66-k85j-b7d2",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24728",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00796",
                            "scoring_system": "epss",
                            "scoring_elements": "0.73933",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00796",
                            "scoring_system": "epss",
                            "scoring_elements": "0.73937",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00796",
                            "scoring_system": "epss",
                            "scoring_elements": "0.73962",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00796",
                            "scoring_system": "epss",
                            "scoring_elements": "0.73967",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00796",
                            "scoring_system": "epss",
                            "scoring_elements": "0.73978",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00796",
                            "scoring_system": "epss",
                            "scoring_elements": "0.73986",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00796",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74004",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00796",
                            "scoring_system": "epss",
                            "scoring_elements": "0.73981",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.01069",
                            "scoring_system": "epss",
                            "scoring_elements": "0.77748",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.01069",
                            "scoring_system": "epss",
                            "scoring_elements": "0.77755",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.01069",
                            "scoring_system": "epss",
                            "scoring_elements": "0.77756",
                            "published_at": "2026-04-16T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24728"
                },
                {
                    "reference_url": "https://ckeditor.com/cke4/release/CKEditor-4.18.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/"
                        }
                    ],
                    "url": "https://ckeditor.com/cke4/release/CKEditor-4.18.0"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/"
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/"
                },
                {
                    "reference_url": "https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4"
                },
                {
                    "reference_url": "https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/"
                },
                {
                    "reference_url": "https://www.drupal.org/sa-core-2022-005",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/"
                        }
                    ],
                    "url": "https://www.drupal.org/sa-core-2022-005"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/"
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217",
                    "reference_id": "1015217",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24728",
                    "reference_id": "CVE-2022-24728",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24728"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4fc4-4p5g-6w89",
                    "reference_id": "GHSA-4fc4-4p5g-6w89",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-4fc4-4p5g-6w89"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89",
                    "reference_id": "GHSA-4fc4-4p5g-6w89",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/"
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/7258-1/",
                    "reference_id": "USN-7258-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/7258-1/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/",
                    "reference_id": "VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/"
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/",
                    "reference_id": "WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/"
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/921885?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.0%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.0%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2022-24728",
                "GHSA-4fc4-4p5g-6w89"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-un66-k85j-b7d2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13458?format=api",
            "vulnerability_id": "VCID-usbf-pmfq-1fb6",
            "summary": "Cross-site scripting (XSS) in the clipboard package\n### Impact\nDuring a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration.\n\nThis vulnerability affects **only** installations where the editor configuration meets the following criteria:\n\n1. The [**Block Toolbar**](https://ckeditor.com/docs/ckeditor5/latest/getting-started/setup/toolbar.html#block-toolbar) plugin is enabled.\n1. One of the following plugins is also enabled:\n    - [**General HTML Support**](https://ckeditor.com/docs/ckeditor5/latest/features/html/general-html-support.html) with a configuration that permits unsafe markup.\n    - [**HTML Embed**](https://ckeditor.com/docs/ckeditor5/latest/features/html/html-embed.html).\n\n### Patches\nThe problem has been recognized and patched. The fix will be available in version 43.1.1 (and above), and explicitly in version 41.3.2.\n\n### Workarounds\nIt's highly recommended to update to the version 43.1.1 or higher. However, if the update is not an option, we recommend disabling the block toolbar plugin.\n\n### For more information\nEmail us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45613",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00273",
                            "scoring_system": "epss",
                            "scoring_elements": "0.50758",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00273",
                            "scoring_system": "epss",
                            "scoring_elements": "0.50794",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00273",
                            "scoring_system": "epss",
                            "scoring_elements": "0.50815",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00273",
                            "scoring_system": "epss",
                            "scoring_elements": "0.50786",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00273",
                            "scoring_system": "epss",
                            "scoring_elements": "0.50809",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00273",
                            "scoring_system": "epss",
                            "scoring_elements": "0.50766",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00273",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5077",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00273",
                            "scoring_system": "epss",
                            "scoring_elements": "0.50714",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00273",
                            "scoring_system": "epss",
                            "scoring_elements": "0.50733",
                            "published_at": "2026-04-02T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45613"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor5"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T14:23:40Z/"
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T14:23:40Z/"
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45613",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45613"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rgg8-g5x8-wr9v",
                    "reference_id": "GHSA-rgg8-g5x8-wr9v",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rgg8-g5x8-wr9v"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/585026?format=api",
                    "purl": "pkg:deb/debian/ckeditor@0?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@0%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582803?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-17pr-6guy-53ge"
                        },
                        {
                            "vulnerability": "VCID-4x92-vapt-n7dz"
                        },
                        {
                            "vulnerability": "VCID-8hvk-a5es-v3e4"
                        },
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        },
                        {
                            "vulnerability": "VCID-sd2a-hmu2-wbax"
                        },
                        {
                            "vulnerability": "VCID-un66-k85j-b7d2"
                        },
                        {
                            "vulnerability": "VCID-vj35-jtgq-8qbv"
                        },
                        {
                            "vulnerability": "VCID-xhp7-kqdk-tfeu"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2024-45613",
                "GHSA-rgg8-g5x8-wr9v"
            ],
            "risk_score": 3.2,
            "exploitability": "0.5",
            "weighted_severity": "6.5",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usbf-pmfq-1fb6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11036?format=api",
            "vulnerability_id": "VCID-vj35-jtgq-8qbv",
            "summary": "Cross-site Scripting\nckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at The problem has been recognized and patched.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37695",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72889",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72948",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72955",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72945",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72904",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72911",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72928",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72903",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72849",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72856",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72876",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.0074",
                            "scoring_system": "epss",
                            "scoring_elements": "0.72851",
                            "published_at": "2026-04-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37695"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37695",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37695"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc"
                },
                {
                    "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD"
                },
                {
                    "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
                },
                {
                    "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992290",
                    "reference_id": "992290",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992290"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37695",
                    "reference_id": "CVE-2021-37695",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37695"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-m94c-37g6-cjhc",
                    "reference_id": "GHSA-m94c-37g6-cjhc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-m94c-37g6-cjhc"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/5340-1/",
                    "reference_id": "USN-5340-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/5340-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/USN-5340-2/",
                    "reference_id": "USN-USN-5340-2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/USN-5340-2/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/921884?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.16.2%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.2%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2021-37695",
                "GHSA-m94c-37g6-cjhc"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vj35-jtgq-8qbv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13365?format=api",
            "vulnerability_id": "VCID-xhp7-kqdk-tfeu",
            "summary": "Improper Input Validation\nCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24729",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00845",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74813",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00857",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74973",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00857",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74949",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00857",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74983",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00857",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74995",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00857",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74944",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00857",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74996",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00857",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74986",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00857",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75022",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00857",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75029",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00857",
                            "scoring_system": "epss",
                            "scoring_elements": "0.75017",
                            "published_at": "2026-04-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24729"
                },
                {
                    "reference_url": "https://ckeditor.com/cke4/release/CKEditor-4.18.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://ckeditor.com/cke4/release/CKEditor-4.18.0"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729"
                },
                {
                    "reference_url": "https://www.drupal.org/sa-core-2022-005",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.drupal.org/sa-core-2022-005"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24729",
                    "reference_id": "CVE-2022-24729",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24729"
                },
                {
                    "reference_url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh",
                    "reference_id": "GHSA-f6rf-9m92-x2hh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/921885?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.0%2Bdfsg-1?distro=sid",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.0%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582804?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-k7qp-c6vp-sqbg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/582805?format=api",
                    "purl": "pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2?distro=sid",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3tqv-ppue-57fr"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.22.1%252Bdfsg1-2%3Fdistro=sid"
                }
            ],
            "aliases": [
                "CVE-2022-24729",
                "GHSA-f6rf-9m92-x2hh"
            ],
            "risk_score": null,
            "exploitability": "0.5",
            "weighted_severity": "0.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhp7-kqdk-tfeu"
        }
    ],
    "risk_score": "2.1",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1%3Fdistro=sid"
}