Search for packages
| purl | pkg:npm/summernote@0.8.10 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ahev-1yrh-hqdz
Aliases: CVE-2024-29504 GHSA-4wh3-3wf2-39m9 |
Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter. |
Affected by 1 other vulnerability. |
|
VCID-pz7u-3352-cbcy
Aliases: CVE-2024-37629 GHSA-cc55-mvqc-g9mg |
SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T19:32:47.277655+00:00 | GitLab Importer | Affected by | VCID-pz7u-3352-cbcy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/summernote/CVE-2024-37629.yml | 38.6.0 |
| 2026-06-12T19:25:13.243820+00:00 | GitLab Importer | Affected by | VCID-ahev-1yrh-hqdz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/summernote/CVE-2024-29504.yml | 38.6.0 |