Ckeditor5

By the Year

In 2025 there have been 0 vulnerabilities in Ckeditor5. Last year, in 2024, Ckeditor5 had 1 security vulnerability published. Right now, Ckeditor5 is on track to have fewer security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 1 6.10
2023 0 0.00
2022 0 0.00
2021 1 6.50

It may take a day or so for new Ckeditor5 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Ckeditor5 Security Vulnerabilities

CKEditor5 clipboard XSS (40.0.0-43.1.1) with Block Toolbar plugin
CVE-2024-45613 6.1 - Medium - September 25, 2024

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround, one may disable the block toolbar plugin.

XSS

CKEditor 5 is an open source rich text editor framework with a modular architecture
CVE-2021-21254 6.5 - Medium - January 29, 2021

CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed abuse of the link recognition regular expression, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.

Resource Exhaustion
