Search for packages
Package details: pkg:npm/ckeditor4@4.18.0
purl pkg:npm/ckeditor4@4.18.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-39xu-3gsh-hbe9 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. CVE-2022-24728
GHSA-4fc4-4p5g-6w89
VCID-xgxf-ad4q-5kaq CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. CVE-2022-24729
GHSA-f6rf-9m92-x2hh

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-01T18:12:50.250853+00:00 GitLab Importer Fixing VCID-39xu-3gsh-hbe9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor4/CVE-2022-24728.yml 36.1.3
2025-07-01T18:12:49.609542+00:00 GitLab Importer Fixing VCID-xgxf-ad4q-5kaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor4/CVE-2022-24729.yml 36.1.3
2025-07-01T14:31:29.696667+00:00 GHSA Importer Fixing VCID-39xu-3gsh-hbe9 https://github.com/advisories/GHSA-4fc4-4p5g-6w89 36.1.3
2025-07-01T12:24:58.019761+00:00 GithubOSV Importer Fixing VCID-39xu-3gsh-hbe9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-4fc4-4p5g-6w89/GHSA-4fc4-4p5g-6w89.json 36.1.3