Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/tinymce@7.1.2
purl pkg:npm/tinymce@7.1.2
Next non-vulnerable version 7.2.0
Latest non-vulnerable version 8.5.1
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-4v71-gmu2-akgq
Aliases:
CVE-2024-38356
GHSA-9hcv-j9pv-qmph
Duplicate This advisory duplicates another.
7.2.0
Affected by 0 other vulnerabilities.
VCID-nqmt-kv4x-juhy
Aliases:
CVE-2024-38357
GHSA-w9jx-4g6g-rp7x
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor.
7.2.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T05:08:52.316812+00:00 GitLab Importer Affected by VCID-nqmt-kv4x-juhy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/CVE-2024-38357.yml 38.6.0
2026-06-06T05:08:51.035238+00:00 GitLab Importer Affected by VCID-4v71-gmu2-akgq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/CVE-2024-38356.yml 38.6.0