VulnerableCode Package Details - pkg:npm/ckeditor@4.16.2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-my43-4zns-1qh9	ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.	CVE-2021-32809 GHSA-7889-rm5j-hpgg
VCID-rvsb-66vn-cubn	ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.	CVE-2021-37695 GHSA-m94c-37g6-cjhc

Vulnerability

Summary

Aliases

VCID-my43-4zns-1qh9

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.

CVE-2021-32809
GHSA-7889-rm5j-hpgg

VCID-rvsb-66vn-cubn

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.

CVE-2021-37695
GHSA-m94c-37g6-cjhc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T18:11:49.597850+00:00	GitLab Importer	Fixing	VCID-rvsb-66vn-cubn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor/CVE-2021-37695.yml	36.1.3
2025-07-01T18:11:49.384974+00:00	GitLab Importer	Fixing	VCID-my43-4zns-1qh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor/CVE-2021-32809.yml	36.1.3

2025-07-01T18:11:49.597850+00:00

GitLab Importer

Fixing

VCID-rvsb-66vn-cubn

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor/CVE-2021-37695.yml

36.1.3

2025-07-01T18:11:49.384974+00:00

GitLab Importer

Fixing

VCID-my43-4zns-1qh9

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor/CVE-2021-32809.yml

36.1.3