Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

trix

View on npm registry
8 Total advisories
8 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
npm

GHSA-53p3-c7vp-4mcc

Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)
MEDIUM 4.6
RubyGems

GHSA-qmpg-8xg6-ph5q

Trix has a Stored XSS vulnerability through serialized attributes
MEDIUM 4.6
npm

GHSA-g9jg-w8vm-g96v

Trix has a stored XSS vulnerability through its attachment attribute
MEDIUM 5.4
npm

CVE-2024-34341

Trix Editor Arbitrary Code Execution Vulnerability
MEDIUM 6.5
npm

CVE-2024-43368

Trix has a cross-site Scripting vulnerability on copy & paste

UNKNOWN
npm

CVE-2025-46812

Trix vulnerable to Cross-site Scripting on copy & paste
MEDIUM 5.3
npm

CVE-2025-21610

Trix allows Cross-site Scripting via `javascript:` url in a link
UNKNOWN
npm

CVE-2024-53847

Trix editor subject to XSS vulnerabilities on copy & paste

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes