Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how ckeditor compares to other vendors in security performance

View Risk Score →

npm/ckeditor5CKEditor: Cross-site scripting (XSS) in the HTML Support package

Risk 28
Severity
6.4
EPSS
0.05%
First published (updated )
CVE-2026-28343

CKSource CKEditorXSS

Risk 34
Severity
5.4
First published (updated )
CVE-2025-61261

Zen Cart Zen CartZenCart CKEditor cross site scripting

Risk 16
Severity
4.8
EPSS
0.06%
First published (updated )
CVE-2025-9103

CKEditor CKEditor 5Cross-site scripting (XSS) in the real-time collaboration package

Risk 17
Severity
2.3
EPSS
0.09%
First published (updated )
CVE-2025-25299

npm/@ckeditor/ckeditor5-clipboardCKEditor 5 has Cross-site Scripting vulnerability in the clipboard package

Risk 46
Severity
7.2
First published (updated )
CVE-2024-45613
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

composer/ckeditor/ckeditorCode Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability

Risk 39
Severity
6.1
First published (updated )
CVE-2024-43407

npm/ckeditor4Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature

Risk 28
Severity
6.1
EPSS
0.05%
First published (updated )
CVE-2024-24816

composer/ckeditor/ckeditorCKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection

Risk 28
Severity
6.1
EPSS
0.06%
First published (updated )
CVE-2024-24815

CKEditor Ckeditor RedmineMalicious File Upload

Risk 86
Severity
9.8
First published (updated )
CVE-2023-31541

Fedoraproject Fedorackeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process

Risk 38
Severity
6.1
First published (updated )
CVE-2023-28439
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

CKEditor Ckeditor Node.jsXSS

Risk 38
Severity
6.1
First published (updated )
CVE-2022-48110

CKEditor Ckeditor5-html-embed Node.jsCross-site scripting caused by the editor instance destroying process in ckeditor5

Risk 43
Severity
5.8
First published (updated )
CVE-2022-31175

Oracle Financial Services Analytical Applications InfrastructureCross-site Scripting in CKEditor4

Risk 35
Severity
5.4
First published (updated )
CVE-2022-24728

Oracle Financial Services Analytical Applications InfrastructureRegular expression Denial of Service in dialog plugin

Risk 45
Severity
7.5
First published (updated )
CVE-2022-24729

Oracle Banking ApisHTML comments vulnerability allowing to execute JavaScript code

Risk 62
Severity
8.2
First published (updated )
CVE-2021-41165
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Oracle Banking ApisAdvanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML

Risk 62
Severity
8.2
First published (updated )
CVE-2021-41164

Fedoraproject FedoraExecution of JavaScript code using malformed HTML in ckeditor

Risk 55
Severity
7.3
First published (updated )
CVE-2021-37695

Fedoraproject FedoraArbitrary HTML injection vulnerability in ckeditor

Risk 34
Severity
5.4
First published (updated )
CVE-2021-32809

Fedoraproject FedoraCross-site scripting in ckeditor via abuse of undo functionality

Risk 50
Severity
7.6
First published (updated )
CVE-2021-32808

composer/drupal/drupalXSS

Risk 46
Severity
7.2
First published (updated )
CVE-2021-33829
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

CKEditor Ckeditor5-engine Node.jsRegular expression Denial of Service in multiple packages

Risk 37
Severity
6.5
First published (updated )
CVE-2021-21391

CKEditor ckeditor5Regular expression Denial of Service in Markdown plugin

Risk 38
Severity
6.5
First published (updated )
CVE-2021-21254

Oracle Commerce MerchandisingIt was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim …

Risk 37
Severity
6.5
First published (updated )
CVE-2021-26272

Oracle Financial Services Analytical Applications InfrastructureIt was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim …

Risk 46
Severity
7.5
First published (updated )
CVE-2021-26271

Oracle Commerce MerchandisingXSS

Risk 39
Severity
6.1
First published (updated )
CVE-2020-27193
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Fedoraproject FedoraXSS

Risk 38
Severity
6.1
First published (updated )
CVE-2020-9440

Oracle Banking Enterprise Default ManagementXSS

Risk 38
Severity
6.1
First published (updated )
CVE-2020-9281

CKEditor Ckeditor DrupalInfoleak

Risk 43
Severity
7.5
First published (updated )
CVE-2011-4972

composer/typo3/cmsXSS

Risk 39
Severity
6.1
First published (updated )
CVE-2018-17960

CKEditor Ckeditor 5-link Ckeditor 5XSS

Risk 38
Severity
6.1
First published (updated )
CVE-2018-11093
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203