Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/django-tinymce@1.5.1b1

Type pypi

Namespace

Name django-tinymce

Version 1.5.1b1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.1.0

Latest_non_vulnerable_version 4.1.0

Affected_by_vulnerabilities

url VCID-h158-313q-vfhp

vulnerability_id VCID-h158-313q-vfhp

summary TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that, when using the `noneditable_regexp` option, any content within an attribute is properly verified to match the configured regular expression before being added. Users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38356

reference_id

reference_type

scores

value	0.00744
scoring_system	epss
scoring_elements	0.73477
published_at	2026-06-11T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73551
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38356

reference_url

https://github.com/tinymce/tinymce

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/tinymce/tinymce

reference_url

https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0

reference_url

https://www.tiny.cloud/docs/tinymce/latest/7.2-release-notes/#overview

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.tiny.cloud/docs/tinymce/latest/7.2-release-notes/#overview

reference_url

https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d

reference_id

5acb741665a98e83d62b91713c800abbff43b00d

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:29:07Z/

url

https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-38356

reference_id

CVE-2024-38356

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-38356

reference_url

https://github.com/advisories/GHSA-9hcv-j9pv-qmph

reference_id

GHSA-9hcv-j9pv-qmph

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9hcv-j9pv-qmph

reference_url

https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph

reference_id

GHSA-9hcv-j9pv-qmph

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:29:07Z/

url

https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph

reference_url

https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview

reference_id

#overview

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:29:07Z/

url

https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview

reference_url

https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview

reference_id

#overview

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:29:07Z/

url

https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview

reference_url	https://usn.ubuntu.com/8223-1/
reference_id	USN-8223-1
reference_type
scores
url	https://usn.ubuntu.com/8223-1/

reference_url

https://owasp.org/www-community/attacks/xss

reference_id

xss

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:29:07Z/

url

https://owasp.org/www-community/attacks/xss

fixed_packages

url	pkg:pypi/django-tinymce@4.1.0
purl	pkg:pypi/django-tinymce@4.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django-tinymce@4.1.0

aliases CVE-2024-38356, GHSA-9hcv-j9pv-qmph

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h158-313q-vfhp

url VCID-kuks-gdgb-pqda

vulnerability_id VCID-kuks-gdgb-pqda

summary TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that content within noscript elements are properly parsed. Users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38357

reference_id

reference_type

scores

value	0.01148
scoring_system	epss
scoring_elements	0.78956
published_at	2026-06-12T12:55:00Z

value	0.01148
scoring_system	epss
scoring_elements	0.7889
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38357

reference_url

https://github.com/tinymce/tinymce

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/tinymce/tinymce

reference_url

https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/tinymce/tinymce/commit/a9fb858509f86dacfa8b01cfd34653b408983ac0

reference_url

https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d

reference_id

5acb741665a98e83d62b91713c800abbff43b00d

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T13:07:53Z/

url

https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-38357

reference_id

CVE-2024-38357

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-38357

reference_url

https://github.com/advisories/GHSA-w9jx-4g6g-rp7x

reference_id

GHSA-w9jx-4g6g-rp7x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w9jx-4g6g-rp7x

reference_url

https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x

reference_id

GHSA-w9jx-4g6g-rp7x

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T13:07:53Z/

url

https://github.com/tinymce/tinymce/security/advisories/GHSA-w9jx-4g6g-rp7x

reference_url

https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview

reference_id

#overview

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T13:07:53Z/

url

https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview

reference_url

https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview

reference_id

#overview

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T13:07:53Z/

url

https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview

reference_url	https://usn.ubuntu.com/8223-1/
reference_id	USN-8223-1
reference_type
scores
url	https://usn.ubuntu.com/8223-1/

reference_url

https://owasp.org/www-community/attacks/xss

reference_id

xss

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T13:07:53Z/

url

https://owasp.org/www-community/attacks/xss

fixed_packages

url	pkg:pypi/django-tinymce@4.1.0
purl	pkg:pypi/django-tinymce@4.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/django-tinymce@4.1.0

aliases CVE-2024-38357, GHSA-w9jx-4g6g-rp7x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kuks-gdgb-pqda

url VCID-yntm-bkwg-nkb9

vulnerability_id VCID-yntm-bkwg-nkb9

summary TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21910

reference_id

reference_type

scores

value	0.04084
scoring_system	epss
scoring_elements	0.88859
published_at	2026-06-12T12:55:00Z

value	0.04084
scoring_system	epss
scoring_elements	0.88821
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21910

reference_url

https://github.com/tinymce/tinymce

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/tinymce/tinymce

reference_url

https://pypi.org/project/django-tinymce/3.4.0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/django-tinymce/3.4.0

reference_url

https://github.com/jazzband/django-tinymce/releases/tag/3.4.0

reference_id

3.4.0

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/

url

https://github.com/jazzband/django-tinymce/releases/tag/3.4.0

reference_url

https://pypi.org/project/django-tinymce/3.4.0/

reference_id

3.4.0

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/

url

https://pypi.org/project/django-tinymce/3.4.0/

reference_url

https://github.com/jazzband/django-tinymce/issues/366

reference_id

366

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/

url

https://github.com/jazzband/django-tinymce/issues/366

reference_url

https://github.com/advisories/GHSA-r8hm-w5f7-wj39

reference_id

GHSA-r8hm-w5f7-wj39

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/

url

https://github.com/advisories/GHSA-r8hm-w5f7-wj39

reference_url

https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39

reference_id

GHSA-r8hm-w5f7-wj39

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/

url

https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39

reference_url

https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39

reference_id

vc-advisory-GHSA-r8hm-w5f7-wj39

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-09T20:43:59Z/

url

https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39

fixed_packages

url pkg:pypi/django-tinymce@3.4.0

purl pkg:pypi/django-tinymce@3.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h158-313q-vfhp

vulnerability	VCID-kuks-gdgb-pqda

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-tinymce@3.4.0

aliases CVE-2024-21910, GHSA-r8hm-w5f7-wj39, GMS-2021-133, GMS-2021-164, GMS-2021-192, GMS-2021-8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yntm-bkwg-nkb9

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/django-tinymce@1.5.1b1

Package Instance