VulnerableCode Package Details - pkg:npm/tinymce@5.6.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-1eut-y5qx-dkhu Aliases: CVE-2024-21908 GHSA-5h9g-x5rv-25wg GMS-2021-132 GMS-2021-163 GMS-2021-189	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.	5.9.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-4vw1-8jp2-hua7 Aliases: GHSA-5vm8-hhgr-jcjp GMS-2021-190	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.	5.7.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vyvk-n5gm-1uc8 Aliases: CVE-2024-21910 GHSA-r8hm-w5f7-wj39 GMS-2021-133 GMS-2021-164 GMS-2021-192 GMS-2021-8	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in TinyMCE.	5.10.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1eut-y5qx-dkhu
Aliases:
CVE-2024-21908
GHSA-5h9g-x5rv-25wg
GMS-2021-132
GMS-2021-163
GMS-2021-189

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.

5.9.0
Affected by 1 other vulnerability.

VCID-4vw1-8jp2-hua7
Aliases:
GHSA-5vm8-hhgr-jcjp
GMS-2021-190

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.

5.7.1
Affected by 2 other vulnerabilities.

VCID-vyvk-n5gm-1uc8
Aliases:
CVE-2024-21910
GHSA-r8hm-w5f7-wj39
GMS-2021-133
GMS-2021-164
GMS-2021-192
GMS-2021-8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in TinyMCE.

5.10.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9brg-dm6s-2ba7	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.	CVE-2024-21911 GHSA-w7jx-j77m-wp65 GMS-2021-193 GMS-2021-508 GMS-2021-616
VCID-r9zu-cdb9-8ubc	Regex denial of service vulnerability in codesample plugin A regex denial of service (ReDoS) vulnerability was discovered in a dependency of the `codesample` plugin.	GHSA-h96f-fc7c-9r55 GMS-2021-191

Vulnerability

Summary

Aliases

VCID-9brg-dm6s-2ba7

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.

CVE-2024-21911
GHSA-w7jx-j77m-wp65
GMS-2021-193
GMS-2021-508
GMS-2021-616

VCID-r9zu-cdb9-8ubc

Regex denial of service vulnerability in codesample plugin A regex denial of service (ReDoS) vulnerability was discovered in a dependency of the `codesample` plugin.

GHSA-h96f-fc7c-9r55
GMS-2021-191

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T01:04:35.912872+00:00	GitLab Importer	Affected by	VCID-vyvk-n5gm-1uc8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2021-192.yml	38.6.0
2026-06-06T01:03:41.420907+00:00	GitLab Importer	Affected by	VCID-1eut-y5qx-dkhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2021-189.yml	38.6.0
2026-06-06T00:43:18.648416+00:00	GitLab Importer	Affected by	VCID-4vw1-8jp2-hua7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2021-190.yml	38.6.0
2026-06-04T17:27:50.313072+00:00	GithubOSV Importer	Fixing	VCID-9brg-dm6s-2ba7	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/01/GHSA-w7jx-j77m-wp65/GHSA-w7jx-j77m-wp65.json	38.6.0
2026-06-04T17:27:50.031128+00:00	GithubOSV Importer	Fixing	VCID-r9zu-cdb9-8ubc	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/01/GHSA-h96f-fc7c-9r55/GHSA-h96f-fc7c-9r55.json	38.6.0
2026-06-04T16:20:42.853025+00:00	GitLab Importer	Fixing	VCID-r9zu-cdb9-8ubc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2021-191.yml	38.6.0
2026-06-04T16:20:42.811883+00:00	GitLab Importer	Fixing	VCID-9brg-dm6s-2ba7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/GMS-2021-193.yml	38.6.0