Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/%40ckeditor/ckeditor5-real-time-collaboration@44.2.1
purl pkg:npm/%40ckeditor/ckeditor5-real-time-collaboration@44.2.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-3htn-j487-3ydn Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package ### Impact During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document. This vulnerability affects only installations with [Real-time collaborative editing](https://ckeditor.com/docs/ckeditor5/latest/features/collaboration/real-time-collaboration/real-time-collaboration.html) enabled. ### Patches The problem has been recognized and patched. The fix will be available in version 44.2.1 (and above). ### For more information Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory. CVE-2025-25299
GHSA-j3mm-wmfm-mwvh

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-07T04:57:06.833931+00:00 GHSA Importer Fixing VCID-3htn-j487-3ydn https://github.com/advisories/GHSA-j3mm-wmfm-mwvh 38.1.0
2026-04-02T12:40:53.801513+00:00 GitLab Importer Fixing VCID-3htn-j487-3ydn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@ckeditor/ckeditor5-real-time-collaboration/CVE-2025-25299.yml 38.0.0
2026-04-01T12:55:50.006546+00:00 GithubOSV Importer Fixing VCID-3htn-j487-3ydn https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-j3mm-wmfm-mwvh/GHSA-j3mm-wmfm-mwvh.json 38.0.0