Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ckeditor3@0?distro=bullseye

Type deb

Namespace debian

Name ckeditor3

Version 0

Qualifiers

distro	bullseye

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.6.6.1+dfsg-7

Latest_non_vulnerable_version 3.6.6.1+dfsg-7

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4x7f-qttc-j3bn

vulnerability_id VCID-4x7f-qttc-j3bn

summary It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26271

reference_id

reference_type

scores

value	0.00617
scoring_system	epss
scoring_elements	0.70514
published_at	2026-06-12T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.70423
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26271

reference_url	https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
reference_id
reference_type
scores
url	https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_url

https://github.com/ckeditor/ckeditor4/blob/master/CHANGES.md#ckeditor-416

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

url

https://github.com/ckeditor/ckeditor4/blob/master/CHANGES.md#ckeditor-416

reference_url

https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
reference_id	982587
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-26271

reference_id

CVE-2021-26271

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-26271

reference_url

https://github.com/advisories/GHSA-jv4c-7jqq-m34x

reference_id

GHSA-jv4c-7jqq-m34x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jv4c-7jqq-m34x

fixed_packages

url	pkg:deb/debian/ckeditor3@0?distro=bullseye
purl	pkg:deb/debian/ckeditor3@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@0%3Fdistro=bullseye

url	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
purl	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@3.6.6.1%252Bdfsg-7%3Fdistro=bullseye

aliases CVE-2021-26271, GHSA-f6rf-9m92-x2hh, GHSA-jv4c-7jqq-m34x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x7f-qttc-j3bn

url VCID-68q6-esms-wyae

vulnerability_id VCID-68q6-esms-wyae

summary It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26272

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.66468
published_at	2026-06-11T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66561
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26272

reference_url

https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-26272

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-26272

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
reference_id	982587
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587

reference_url

https://github.com/advisories/GHSA-wpvm-wqr4-p7cw

reference_id

GHSA-wpvm-wqr4-p7cw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wpvm-wqr4-p7cw

fixed_packages

url	pkg:deb/debian/ckeditor3@0?distro=bullseye
purl	pkg:deb/debian/ckeditor3@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@0%3Fdistro=bullseye

url	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
purl	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@3.6.6.1%252Bdfsg-7%3Fdistro=bullseye

aliases CVE-2021-26272, GHSA-wpvm-wqr4-p7cw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68q6-esms-wyae

url VCID-ha1k-ctdq-t3eb

vulnerability_id VCID-ha1k-ctdq-t3eb

summary cross-site scripting

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41164

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.23133
published_at	2026-06-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22937
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/

reference_url

https://www.drupal.org/sa-core-2021-011

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-011

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id	999909
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909

reference_url

https://security.archlinux.org/AVG-2565

reference_id

AVG-2565

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2565

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41164

reference_id

CVE-2021-41164

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41164

reference_url

https://github.com/advisories/GHSA-pvmx-g8h5-cprj

reference_id

GHSA-pvmx-g8h5-cprj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pvmx-g8h5-cprj

reference_url

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj

reference_id

GHSA-pvmx-g8h5-cprj

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj

fixed_packages

url	pkg:deb/debian/ckeditor3@0?distro=bullseye
purl	pkg:deb/debian/ckeditor3@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@0%3Fdistro=bullseye

url	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
purl	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@3.6.6.1%252Bdfsg-7%3Fdistro=bullseye

aliases CVE-2021-41164, GHSA-pvmx-g8h5-cprj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ha1k-ctdq-t3eb

url VCID-sbve-m3dq-wqa3

vulnerability_id VCID-sbve-m3dq-wqa3

summary CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24729

reference_id

reference_type

scores

value	0.01115
scoring_system	epss
scoring_elements	0.78604
published_at	2026-06-11T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.7867
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24729

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729

fixed_packages

url	pkg:deb/debian/ckeditor3@0?distro=bullseye
purl	pkg:deb/debian/ckeditor3@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@0%3Fdistro=bullseye

url	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
purl	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@3.6.6.1%252Bdfsg-7%3Fdistro=bullseye

aliases CVE-2022-24729

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbve-m3dq-wqa3

url VCID-x8me-cnv3-ayhf

vulnerability_id VCID-x8me-cnv3-ayhf

summary CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround, one may disable the block toolbar plugin.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45613

reference_id

reference_type

scores

value	0.0038
scoring_system	epss
scoring_elements	0.60002
published_at	2026-06-12T12:55:00Z

value	0.0038
scoring_system	epss
scoring_elements	0.59893
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45613

reference_url

https://github.com/ckeditor/ckeditor5

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45613

reference_id

CVE-2024-45613

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45613

reference_url

https://github.com/advisories/GHSA-rgg8-g5x8-wr9v

reference_id

GHSA-rgg8-g5x8-wr9v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rgg8-g5x8-wr9v

reference_url

https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v

reference_id

GHSA-rgg8-g5x8-wr9v

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T14:23:40Z/

url

https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v

reference_url

https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1

reference_id

v43.1.1

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T14:23:40Z/

url

https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1

fixed_packages

url	pkg:deb/debian/ckeditor3@0?distro=bullseye
purl	pkg:deb/debian/ckeditor3@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@0%3Fdistro=bullseye

url	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
purl	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@3.6.6.1%252Bdfsg-7%3Fdistro=bullseye

aliases CVE-2024-45613, GHSA-rgg8-g5x8-wr9v

risk_score 3.2

exploitability 0.5

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x8me-cnv3-ayhf

url VCID-yang-fa4m-f3gr

vulnerability_id VCID-yang-fa4m-f3gr

summary ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-37695

reference_id

reference_type

scores

value	0.0074
scoring_system	epss
scoring_elements	0.73371
published_at	2026-06-11T12:55:00Z

value	0.0074
scoring_system	epss
scoring_elements	0.73447
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-37695

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37695

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58

reference_url

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc

reference_url

https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-37695

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-37695

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992290
reference_id	992290
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992290

reference_url

https://github.com/advisories/GHSA-m94c-37g6-cjhc

reference_id

GHSA-m94c-37g6-cjhc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m94c-37g6-cjhc

reference_url	https://usn.ubuntu.com/5340-1/
reference_id	USN-5340-1
reference_type
scores
url	https://usn.ubuntu.com/5340-1/

reference_url	https://usn.ubuntu.com/USN-5340-2/
reference_id	USN-USN-5340-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5340-2/

fixed_packages

url	pkg:deb/debian/ckeditor3@0?distro=bullseye
purl	pkg:deb/debian/ckeditor3@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@0%3Fdistro=bullseye

url	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
purl	pkg:deb/debian/ckeditor3@3.6.6.1%2Bdfsg-7?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@3.6.6.1%252Bdfsg-7%3Fdistro=bullseye

aliases CVE-2021-37695, GHSA-m94c-37g6-cjhc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yang-fa4m-f3gr

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor3@0%3Fdistro=bullseye

Package Instance