@ckeditor/ckeditor5-adapter-ckfinder (>=46.0.0 <=46.0.2-alpha.1), @ckeditor/ckeditor5-ai (>=46.0.0 <=46.0.2-alpha.1) +89 more potentially affected by CVE-2025-58064 via @ckeditor/ckeditor5-clipboard (>=46.0.0 <=46.0.2)

@ckeditor/ckeditor5-clipboard NPM version =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.2-alpha.1 and more Source cves: CVE-2025-58064 Source advisory: OSV:GHSA-X9GP-VJH6-3WV6...

@8trhieu/ckeditor5-build-classic-custom (>=0.0.1 <=0.0.5), @ainhu8596/tee-mee-ckeditor (>=29.1.1 <=29.1.2) +201 more potentially affected by CVE-2022-31175 via @ckeditor/ckeditor5-markdown-gfm (>=0.0.0-internal-20241017.0 <=34.2.0)

@ckeditor/ckeditor5-markdown-gfm NPM version =0.0.0-internal-20241017.0, =0.0.1, =29.1.1, =1.0.0, =1.0.1, =34.1.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0,...

CVE-2022-31175 Cross-site scripting caused by the editor instance destroying process in ckeditor5

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are...