trix
npm
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting trix
- CVE-2024-34341 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 1.3.2 | 2024-05-07
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from impr…
- CVE-2024-43368 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.1.4 | 2024-08-14
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments wit…
- CVE-2024-53847 | MEDIUM | CVSS 5.1 | EG 0.0 | ✓ Fixed in 1.3.3 | 2024-12-09
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execut…
- CVE-2025-21610 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.1.12 | 2025-01-03
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy&paste a m…
- CVE-2025-46812 | LOW | CVSS 2.0 | EG 0.0 | ✓ Fixed in 2.1.15 | 2025-05-08
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would ex…