VulnerableCode Package Details - pkg:deb/debian/ckeditor@4.19.0%2Bdfsg-1?distro=bullseye

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4x92-vapt-n7dz	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at The problem has been recognized and patched.	CVE-2021-41165 GHSA-7h26-63m7-qhf2
VCID-8hvk-a5es-v3e4	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code.	CVE-2021-41164 GHSA-pvmx-g8h5-cprj
VCID-un66-k85j-b7d2	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.	CVE-2022-24728 GHSA-4fc4-4p5g-6w89
VCID-xhp7-kqdk-tfeu	Improper Input Validation CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.	CVE-2022-24729 GHSA-f6rf-9m92-x2hh

Vulnerability

Summary

Aliases

VCID-4x92-vapt-n7dz

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at The problem has been recognized and patched.

CVE-2021-41165
GHSA-7h26-63m7-qhf2

VCID-8hvk-a5es-v3e4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code.

CVE-2021-41164
GHSA-pvmx-g8h5-cprj

VCID-un66-k85j-b7d2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.

CVE-2022-24728
GHSA-4fc4-4p5g-6w89

VCID-xhp7-kqdk-tfeu

Improper Input Validation CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

CVE-2022-24729
GHSA-f6rf-9m92-x2hh

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-09T17:35:00.557226+00:00	Debian Importer	Fixing	VCID-xhp7-kqdk-tfeu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-09T17:35:00.522244+00:00	Debian Importer	Fixing	VCID-un66-k85j-b7d2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-09T17:35:00.493255+00:00	Debian Importer	Fixing	VCID-4x92-vapt-n7dz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-09T17:35:00.461595+00:00	Debian Importer	Fixing	VCID-8hvk-a5es-v3e4	https://security-tracker.debian.org/tracker/data/json	38.1.0