Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package trix, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2024-43368 — CVSS 6.5 (medium): The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put…
CVE-2024-34341 — CVSS 5.4 (medium): Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting…
CVE-2025-21610 — CVSS 5.3 (medium): Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site…
CVE-2024-53847: The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) + mutation XSS attacks when…
CVE-2025-46812: Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when…