VulnerableCode Package Details - pkg:npm/tinymce@7.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-8sx8-2u5f-ekfp Aliases: CVE-2024-38356 GHSA-9hcv-j9pv-qmph		7.2.0 Affected by 0 other vulnerabilities.
VCID-jbdv-n42h-jyfn Aliases: CVE-2024-38357 GHSA-w9jx-4g6g-rp7x		7.2.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-8sx8-2u5f-ekfp
Aliases:
CVE-2024-38356
GHSA-9hcv-j9pv-qmph

7.2.0
Affected by 0 other vulnerabilities.

VCID-jbdv-n42h-jyfn
Aliases:
CVE-2024-38357
GHSA-w9jx-4g6g-rp7x

7.2.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-fb5p-kqd6-6kbu	TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload.	CVE-2024-29881 GHSA-5359-pvf2-pw78

Vulnerability

Summary

Aliases

VCID-fb5p-kqd6-6kbu

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload.

CVE-2024-29881
GHSA-5359-pvf2-pw78

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T19:19:02.279752+00:00	GitLab Importer	Affected by	VCID-jbdv-n42h-jyfn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/CVE-2024-38357.yml	38.6.0
2026-05-31T19:19:02.136294+00:00	GitLab Importer	Affected by	VCID-8sx8-2u5f-ekfp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/CVE-2024-38356.yml	38.6.0
2026-05-31T10:48:25.329043+00:00	GithubOSV Importer	Fixing	VCID-fb5p-kqd6-6kbu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-5359-pvf2-pw78/GHSA-5359-pvf2-pw78.json	38.6.0
2026-05-31T01:04:01.514300+00:00	GHSA Importer	Affected by	VCID-8sx8-2u5f-ekfp	https://github.com/advisories/GHSA-9hcv-j9pv-qmph	38.6.0
2026-05-31T01:04:01.183908+00:00	GHSA Importer	Affected by	VCID-jbdv-n42h-jyfn	https://github.com/advisories/GHSA-w9jx-4g6g-rp7x	38.6.0
2026-05-31T01:02:36.851440+00:00	GHSA Importer	Fixing	VCID-fb5p-kqd6-6kbu	https://github.com/advisories/GHSA-5359-pvf2-pw78	38.6.0
2026-05-30T21:03:42.909220+00:00	GitLab Importer	Fixing	VCID-fb5p-kqd6-6kbu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/tinymce/CVE-2024-29881.yml	38.6.0