Package details: pkg:npm/ckeditor5-premium-features@44.2.1
purl pkg:npm/ckeditor5-premium-features@44.2.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-3htn-j487-3ydn

Summary: Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package

### Impact
During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document. This vulnerability affects only installations with [Real-time collaborative editing](https://ckeditor.com/docs/ckeditor5/latest/features/collaboration/real-time-collaboration/real-time-collaboration.html) enabled.

### Patches
The problem has been recognized and patched. The fix will be available in version 44.2.1 (and above).

### For more information
Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.

Aliases: CVE-2025-25299, GHSA-j3mm-wmfm-mwvh

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-07T04:57:06.873559+00:00 | GHSA Importer | Fixing | VCID-3htn-j487-3ydn | https://github.com/advisories/GHSA-j3mm-wmfm-mwvh | 38.1.0 |
| 2026-04-02T12:40:53.658659+00:00 | GitLab Importer | Fixing | VCID-3htn-j487-3ydn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor5-premium-features/CVE-2025-25299.yml | 38.0.0 |
| 2026-04-01T12:55:50.026146+00:00 | GithubOSV Importer | Fixing | VCID-3htn-j487-3ydn | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-j3mm-wmfm-mwvh/GHSA-j3mm-wmfm-mwvh.json | 38.0.0 |