MAL-2026-2667 Malicious code in ckeditor5-minimap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f65f71fdee0224ec38d03c631d1df1a8454347b6d82cfda912b11d387052898c The package ckeditor5-minimap was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in ckeditor5-minimap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f65f71fdee0224ec38d03c631d1df1a8454347b6d82cfda912b11d387052898c The package ckeditor5-minimap was found to contain malicious code. Source: ossf-package-analysis...

Cross-site Scripting (XSS)

Overview @ckeditor/ckeditor5-engine is a The editing engine of CKEditor 5 – the best browser-based rich text editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS via its unsafe htmlSupport configuration. An attacker can execute unauthorized JavaScript in the editor...

4game-support-ckeditor5-custom-build (>=0.0.1 <=0.0.5), 87-midnight-ckeditor5 (>=0.0.3 <=0.0.5) +1483 more potentially affected by CVE-2026-28343 via ckeditor5 (>=29.2.0 <=47.6.0-alpha.9)

ckeditor5 NPM version =29.2.0, =0.0.1, =0.0.3, =0.0.1, =0.0.1, =29.2.0, =2.0.0, =30.0.0, =0.7.0, =1.0.0, =0.0.3, =0.0.6, =1.3.0, =1.0.1, =1.0.23 and more Source cves: CVE-2026-28343 Source advisory: OSV:GHSA-JRQM-VMQC-GM93...

Cross Site Scripting (XSS)

ckeditor5 is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of malicious content inserted into the editor when specific configurations are enabled such as the HTML embed plugin or custom plugins with editable RawElement views, which allows an attacker to...

EUVD-2025-19186

Malicious code in bioql PyPI...

@ckeditor/ckeditor5-adapter-ckfinder (>=46.0.0 <=46.0.2-alpha.1), @ckeditor/ckeditor5-ai (>=46.0.0 <=46.0.2-alpha.1) +89 more potentially affected by CVE-2025-58064 via ckeditor5 (>=46.0.0 <=46.0.2)

ckeditor5 NPM version =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.0, =46.0.2-alpha.1 and more Source cves: CVE-2025-58064 Source advisory: OSV:GHSA-X9GP-VJH6-3WV6...

MAL-2025-17083 Malicious code in ckeditor5-s3-upload (npm)

The package ckeditor5-s3-upload was found to contain malicious code...

Malicious code in ckeditor5-s3-upload (npm)

The package ckeditor5-s3-upload was found to contain malicious code...

CVE-2025-6674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting XSS.This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3...

CVE-2025-6674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting XSS.This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3...

CVE-2025-6674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting XSS.This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3...

CVE-2025-6674 CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting XSS.This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3...

CVE-2025-6674 CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting XSS.This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3...

CVE-2025-6674

CVE-2025-6674 affects the Drupal CKEditor5 Youtube plugin. The issue is improper input neutralization that enables Cross-site Scripting (XSS) through the YouTube embedding workflow. Affected versions are CKEditor5 Youtube 0.0.0 through 1.0.2; remediation is to update to 1.0.3 or later. Severity i...

PT-2025-26963 · Unknown · Ckeditor5 Youtube

Name of the Vulnerable Software and Affected Versions: CKEditor5 Youtube versions 0.0.0 through 1.0.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows an attacker to perform Cross-Site Scripting X...

Drupal CKEditor5 Youtube 安全漏洞

Drupal CKEditor5 Youtube is a video integration plugin for the Drupal community. A security vulnerability exists in Drupal CKEditor5 Youtube versions prior to 1.0.3, which stems from improper input neutralization and could lead to cross-site scripting attacks...

Drupal CKEditor5 Youtube module < 1.0.4 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS vulnerability discovered by nico.b in WordPress Module CKEditor5 Youtube versions 1.0.4...

CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081

The CKEditor5 Youtube module enhances content creation in Drupal by seamlessly integrating YouTube video embedding into the CKEditor 5 text editor. The module doesn't sufficiently validate iframe sources under the scenario where a user embeds a video using the CKEditor YouTube integration leading...

MAL-2024-9541 Malicious code in ckeditor5-table (npm)

--- -= Per source details. Do not edit below this line.=-...