Search for packages
| purl | pkg:npm/ckeditor@4.16.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4mr7-bt53-hqhv | Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4 It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). |
CVE-2021-26272
GHSA-wpvm-wqr4-p7cw |
| VCID-gqad-5dqp-37g2 | CKEditor 4 ReDoS Vulnerability It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). |
CVE-2021-26271
GHSA-jv4c-7jqq-m34x |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T13:55:58.558448+00:00 | GitLab Importer | Fixing | VCID-gqad-5dqp-37g2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor/CVE-2021-26271.yml | 36.1.3 |
| 2025-07-03T13:55:58.222021+00:00 | GitLab Importer | Fixing | VCID-4mr7-bt53-hqhv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor/CVE-2021-26272.yml | 36.1.3 |