14 matches found
@burger-editor/blocks (>=4.0.0-alpha.1 <=4.0.0-alpha.7), @burger-editor/client (>=4.0.0-alpha.1 <=4.0.0-alpha.7) +4 more potentially affected by unknown CVE via trix (>=2.0.10 <=2.1.15)
trix NPM version =2.0.10, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =1.0.1, =1.0.3 Source cves: unknown CVE Source advisory: SNYK:JS-TRIX-15813061...
@9troisquarts/ant-form (>=2.3.0 <=4.0.5), @beliantech/bt-components (>=0.8.0 <=0.33.11) +55 more potentially affected by unknown CVE via trix (>=0.10.2 <=2.1.15)
trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.2.0, =0.0.1, =0.1.0, =0.1.1, =1.32.0, =3.5.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-53P3-C7VP-4MCC...
@burger-editor/blocks (>=4.0.0-alpha.1 <=4.0.0-alpha.7), @burger-editor/client (>=4.0.0-alpha.1 <=4.0.0-alpha.7) +4 more potentially affected by unknown CVE via trix (>=2.0.10 <=2.1.15)
trix NPM version =2.0.10, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =1.0.1, =1.0.3 Source cves: unknown CVE Source advisory: SNYK:JS-TRIX-15481278...
@9troisquarts/ant-form (>=2.3.0 <=4.0.5), @beliantech/bt-components (>=0.8.0 <=0.33.11) +55 more potentially affected by unknown CVE via trix (>=0.10.2 <=2.1.15)
trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.2.0, =0.0.1, =0.1.0, =0.1.1, =1.32.0, =3.5.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QMPG-8XG6-PH5Q...
@9troisquarts/ant-form (>=2.3.0 <=4.0.5), @beliantech/bt-components (>=0.8.0 <=0.33.11) +55 more potentially affected by unknown CVE via trix (>=0.10.2 <=2.1.15)
trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.2.0, =0.0.1, =0.1.0, =0.1.1, =1.32.0, =3.5.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G9JG-W8VM-G96V...
EUVD-2025-14005
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
Trix is vulnerable to cross-site scripting (XSS). The vulnerability is due to insufficient sanitization of pasted content, which allows an attacker to execute arbitrary JavaScript within the user’s session...
CVE-2025-46812 Trix vulnerable to Cross-site Scripting on copy & paste
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user into copying and pasting malicious code that would execute arbitrary JavaScript code within the context of the...
@9troisquarts/ant-form (>=2.3.0 <=4.0.5), @beliantech/bt-components (>=0.8.0 <=0.33.11) +54 more potentially affected by CVE-2025-46812 via trix (>=0.10.2 <=2.1.13)
trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.2.0, =0.0.1, =0.1.0, =0.1.1, =1.32.0, =0.0.3, =0.0.4 and more Source cves: CVE-2025-46812 Source advisory: OSV:GHSA-MCRW-746G-9Q8H...
@9troisquarts/ant-form (>=2.3.0 <=4.0.5), @beliantech/bt-components (>=0.8.0 <=0.33.11) +50 more potentially affected by CVE-2025-21610 via trix (>=0.10.2 <=2.0.8)
trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =0.1.18, =0.1.85, =0.2.0, =0.0.1, =0.1.0, =0.1.1, =1.32.0, =0.0.3, =0.2.0, =0.7.0, =0.0.9, =0.3.900 and more Source cves: CVE-2025-21610 Source advisory: OSV:GHSA-J386-3444-QGWG...
@caedman/arma (>=0.1.18 <=0.1.87), @caedman/armdda (>=0.1.85 <=1.1.89) +1 more potentially affected by CVE-2024-53847 via trix (>=1.3.0 <=1.3.1)
trix NPM version =1.3.0, =0.1.18, =0.1.85, =7.8.0, =9.2.2-alpha-margin Source cves: CVE-2024-53847 Source advisory: OSV:GHSA-6VX4-V2JW-QWQH...
@9troisquarts/ant-form (>=2.3.0 <=6.0.1), @bigbinary/neeto-email-notifications-frontend (=1.1.0) +55 more potentially affected by CVE-2024-53847 via trix (>=2.0.10 <=2.1.19)
trix NPM version =2.0.10, =2.3.0, =1.3.0, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.0, =1.0.0, =1.0.0, =0.2.0, =0.0.1, =0.0.12 and more Source cves: CVE-2024-53847 Source advisory: OSV:GHSA-6VX4-V2JW-QWQH...
@9troisquarts/ant-form (>=2.3.0 <=6.0.1), @beliantech/bt-components (>=0.8.0 <=0.33.11) +102 more potentially affected by CVE-2024-43368 via trix (>=0.10.2 <=2.1.19)
trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.1.0, =0.2.0, =1.0.0, =1.1.1-beta.44 and more Source cves: CVE-2024-43368 Source advisory: OSV:GHSA-QM2Q-9F3Q-2VCV...
Trix security vulnerability
Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.4 that stems from the presence of cross-site scripting, which allows an attacker to trick a user into copying and pasting malicious code, and then executing arbitrar...