Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm tinymce Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Ecosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG
TinyMCE XSS vulnerability in notificationManager.open API
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12NjVyLXAzdnYtampmds4AA2kF
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nZzhyLXhqd3EtNHc5Ms4AAwOk
Cross-site scripting vulnerability in TinyMCE alerts
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yOGhtLXc1Zjctd2ozOc0Wzg
Cross-site scripting vulnerability in TinyMCE plugins
Ecosystems: pypi, nuget, packagist, npm
Packages: django-tinymce, TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01aDlnLXg1cnYtMjV3Z80WrQ
Cross-site scripting vulnerability in TinyMCE
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2bTgtaGhnci1qY2pw
Cross-site scripting vulnerability in TinyMCE
Ecosystems: npm
Packages: tinymce
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3angtajc3bS13cDY1
Cross-site scripting vulnerability in TinyMCE
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5NmYtZmM3Yy05cjU1
Regex denial of service vulnerability in codesample plugin
Ecosystems: npm
Packages: tinymce
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZydjgtdjR3OC1mOTVo
Cross-site scripting vulnerability in TinyMCE
Ecosystems: npm
Packages: tinymce
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3OHctMmd3Ny1nanYz
XSS in TinyMCE
Ecosystems: npm
Packages: tinymce
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3Z20tZ2hyOS00djk1
Cross-site scripting vulnerability in TinyMCE
Ecosystems: npm
Packages: tinymce
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 1
Ecosystems: 12
Filter by Package
parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 directus 18 sequelize 16 next 15 swagger-ui 14 tinymce 14 ghost 14 strapi 13 joplin 13 ckeditor4 13 undici 12 vm2 12 nodebb 11 handlebars 11 marked 11 angular 11 nocodb 10 @evershop/evershop 9 serve 9 next-auth 9 TinyMCE 9 tinymce/tinymce 9 node-forge 8 urijs 8 jsrsasign 8 express-cart 8 editor.md 8 validator 8 npm 8 @strapi/strapi 8 url-parse 8 tar 8 steal 8 systeminformation 8 bootstrap 8 matrix-js-sdk 8 org.webjars.npm:jquery 8 jquery 8 jquery-rails 8 total.js 7 sanitize-html 7 uptime-kuma 7 jquery-ui 7 jquery-ui-rails 7 matrix-appservice-irc 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 snyk-broker 7 jQuery 7 shescape 7 lodash 7 matrix-react-sdk 7 hermes-engine 7 hapi 7 safe-eval 6 aaptjs 6 rsshub 6 parse-url 6 lodash-es 5 total4 5 openpgp 5 sweetalert2 5 public 5 ejs 5 prismjs 5 vite 5 mongoose 5 dojo 5 yarn 5 vditor 5 ua-parser-js 5 @strapi/plugin-users-permissions 5 rendertron 5 xlsx 5 keystone 5 safer-eval 4 muhammara 4 remarkable 4 convert-svg-core 4 axios 4 hummus 4 simple-git 4 engine.io 4 jsonwebtoken 4 realms-shim 4 ws 4 fastify 4 katex 4 dompurify 4 apostrophe 4 vega 4 auth0-js 4 @keystone-6/core 4 materialize-css 4 moment 4 mongo-express 4 valine 4 mermaid 4 auth0-lock 4 @backstage/plugin-scaffolder-backend 4 qs 4 ecstatic 4 simple-markdown 4 generator-jhipster 4 mysql2 4 meshcentral 4 aws-iot-device-sdk-v2 4 glance 4 apollo-server-core 4 awsiotsdk 4 follow-redirects 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 ses 3 loader-utils 3 org.webjars.npm:xlsx 3 node-red-dashboard 3 notevil 3 object-path 3 passport-wsfed-saml2 3 js-yaml 3 grunt 3 jspdf 3 n8n 3 locutus 3 jointjs 3 codecov 3 feathers-sequelize 3 mysql 3 wrangler 3 yapi-vendor 3 @frangoteam/fuxa 3 ftp-srv 3 renovate 3 blamer 3 bootstrap 3 @ckeditor/ckeditor5-markdown-gfm 3 raneto 3 tough-cookie 3 froala-editor 3 highcharts 3 localhost-now 3 mixme 3 connect 3 jose 3 socket.io-file 3 fast-xml-parser 3 browserify-shim 3 slpjs 3 dns-sync 3 protobufjs 3 http-live-simulator 3 uap-core 3 xmldom 3 m-server 3 keycloak-connect 3 @strapi/utils 3 @cubejs-backend/api-gateway 3 nodemailer 3 slp-validate 3 apollo-server 3 node-opcua 3 postcss 3 jquery-validation 3 socket.io-parser 3 @backstage/techdocs-common 3 node-ipc 3 mathjs 3 node-jose 3 parsel 3 @uppy/companion 3 nadesiko3 3 convict 3 dojox 3 simplehttpserver 3 fuxa-server 3 mxgraph 3 statics-server 3 stimulsoft-dashboards-js 3 express-fileupload 3 node-fetch 3 xdLocalStorage 3 @hapi/subtext 3 subtext 3 @apollo/server 3 json-pointer 3 immer 3 serialize-to-js 3 buttle 3 typeorm 3 lodash.defaultsdeep 3 @vrite/sdk 3 @commercial/subtext 3 json-ptr 3 @sveltejs/kit 3 snyk 3 @soketi/soketi 3 ids-enterprise 3