VulnerableCode Package Details - pkg:npm/ckeditor4@4.16.2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-cff2-8n98-fbdz	ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.	CVE-2021-32808 GHSA-6226-h7ff-ch6c
VCID-my43-4zns-1qh9	ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.	CVE-2021-32809 GHSA-7889-rm5j-hpgg
VCID-rvsb-66vn-cubn	ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.	CVE-2021-37695 GHSA-m94c-37g6-cjhc

Vulnerability

Summary

Aliases

VCID-cff2-8n98-fbdz

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.

CVE-2021-32808
GHSA-6226-h7ff-ch6c

VCID-my43-4zns-1qh9

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.

CVE-2021-32809
GHSA-7889-rm5j-hpgg

VCID-rvsb-66vn-cubn

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.

CVE-2021-37695
GHSA-m94c-37g6-cjhc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T18:11:49.711650+00:00	GitLab Importer	Fixing	VCID-rvsb-66vn-cubn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor4/CVE-2021-37695.yml	36.1.3
2025-07-01T18:11:49.440280+00:00	GitLab Importer	Fixing	VCID-my43-4zns-1qh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor4/CVE-2021-32809.yml	36.1.3
2025-07-01T18:11:49.404611+00:00	GitLab Importer	Fixing	VCID-cff2-8n98-fbdz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor4/CVE-2021-32808.yml	36.1.3
2025-07-01T12:18:42.059437+00:00	GithubOSV Importer	Fixing	VCID-rvsb-66vn-cubn	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-m94c-37g6-cjhc/GHSA-m94c-37g6-cjhc.json	36.1.3
2025-07-01T12:18:39.577161+00:00	GithubOSV Importer	Fixing	VCID-my43-4zns-1qh9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-7889-rm5j-hpgg/GHSA-7889-rm5j-hpgg.json	36.1.3
2025-07-01T12:18:33.292953+00:00	GithubOSV Importer	Fixing	VCID-cff2-8n98-fbdz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-6226-h7ff-ch6c/GHSA-6226-h7ff-ch6c.json	36.1.3