`tinymce`

Ecosystem:
npm

Package URL:
pkg:npm/tinymce

Total PRs:
311 Dependabot PRs

Latest PR:
13 days ago

Unique Repositories:
117 repositories

Unique Repos (30 days):
5 repositories

Security Advisories

XSS in TinyMCE

GHSA-c78w-2gw7-gjv3 CVE-2019-1010091 MODERATE published about 6 years ago • updated about 1 hour ago

### Impact A cross-site scripting (XSS) vulnerability was discovered in: the core parser and `media` plugin. The vulnerability allowed arbitrary Ja...

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

GHSA-mh5m-5hw4-5c69 CVE-2026-47760 HIGH published 13 days ago • updated 3 days ago

### Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using ne...

Cross-site scripting vulnerability in TinyMCE

GHSA-5h9g-x5rv-25wg CVE-2024-21908 MODERATE published over 4 years ago • updated 11 days ago

### Impact A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed a...

Regex denial of service vulnerability in codesample plugin

GHSA-h96f-fc7c-9r55 LOW published over 5 years ago • updated about 1 hour ago

### Impact A regex denial of service (ReDoS) vulnerability was discovered in a dependency of the `codesample` plugin. The vulnerability allowed poo...

TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

GHSA-vg35-5wq7-3x7w CVE-2026-47761 HIGH published 13 days ago • updated 6 days ago

### Impact Stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted `data-mce-*` attributes, which are exec...

View all 20 advisories

Recent PRs (filtered by: Merged , Patch PRs )

RSS Feed Clear filter

Bump tinymce from 8.0.1 to 8.0.2 in the tinymce group

aelfric/tabroom-fakeballot #141

8.0.1 → 8.0.2 Patch PR

Merged 10 months ago

Bump tinymce from 8.0.1 to 8.0.2

marcelorodrigo/geocachingeditor #51

8.0.1 → 8.0.2 Patch PR

Merged 10 months ago 1 comment

Bump tinymce from 8.0.1 to 8.0.2

EngageSoftware/DNN-JavaScript-Libraries #1013

8.0.1 → 8.0.2 Patch PR

Merged 10 months ago

Bump tinymce from 8.0.0 to 8.0.1

marcelorodrigo/geocachingeditor #47

8.0.0 → 8.0.1 Patch PR

Merged 11 months ago 1 comment

Bump tinymce from 8.0.0 to 8.0.1

EngageSoftware/DNN-JavaScript-Libraries #1009

8.0.0 → 8.0.1 Patch PR

Merged 11 months ago

Build(deps-dev): bump tinymce from 8.0.0 to 8.0.1

acrolinx/sidebar-sdk-js #632

8.0.0 → 8.0.1 Patch PR

Merged 11 months ago 1 comment

Bump tinymce from 7.9.0 to 7.9.1

WWBN/AVideo #10053

7.9.0 → 7.9.1 Patch PR

Merged about 1 year ago

Bump tinymce from 5.10.0 to 5.10.9 in /tarim/app/modules/admin

algha/tarim #101

5.10.0 → 5.10.9 Patch PR

Merged over 2 years ago

Package Details

Name:	`tinymce`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/tinymce`
JSON API:	View JSON

Security Advisories

20

Active advisories

HIGH 5

MODERATE 14

LOW 1

View All npm Advisories

Package Information

Description:

Web based JavaScript HTML WYSIWYG editor control.

Repository:	https://github.com/tinymce/tinymce
Homepage:	https://www.tiny.cloud/
Latest Release:	`7.9.1` about 1 year ago
Dependent Repos:	12,552
Dependent Packages:	1,197
Downloads:	2,752,486
Ranking:	Top 0.2401% by dependent repos Top 0.2059% by downloads Top 0.0632% by dependent pkgs

PR Status

Open 144 (46.3%)

Merged 23 (7.4%)

Closed 112 (36.0%)

PR Types

Major 135 (43.4%)

Minor 84 (27.0%)

Patch 58 (18.6%)

Removal 2 (0.6%)