npm CVE Archive

tinymce CVE Vulnerabilities

All known CVEs affecting tinymce. Kodem’s runtime-powered SCA reveals which are actually reachable in your application.

Known vulnerabilities
CVE
Summary
Severity
CVE-2026-47761
TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin…
High
CVE-2026-47762
TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected`…
High
CVE-2026-47759
TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce-…
High
CVE-2026-47760
TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass…
High
CVE-2024-38356
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Medium
CVE-2024-38357
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Medium
CVE-2024-29203
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Medium
CVE-2024-29881
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files…
Medium
CVE-2023-48219
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in…
Medium
CVE-2023-45819
TinyMCE XSS vulnerability in notificationManager.open API
Medium
CVE-2023-45818
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and…
Medium
CVE-2022-23494
Cross-site scripting vulnerability in TinyMCE alerts
Medium
CVE-2024-21910
Cross-site scripting vulnerability in TinyMCE plugins
Medium
CVE-2024-21908
Cross-site scripting vulnerability in TinyMCE
Medium
CVE-2020-12648
Cross-site scripting vulnerability in TinyMCE
Medium

Prioritize tinymce vulnerabilities

Kodem Kai can identify which of these CVEs are reachable in your dependency tree and generate targeted fix recommendations.

Get a demo →

Stop the waste.
Protect your environment with Kodem.

Get a personalized demo
Get a personalized demo