Gathering detailed insights and metrics for tinymce
Gathering detailed insights and metrics for tinymce
Gathering detailed insights and metrics for tinymce
Gathering detailed insights and metrics for tinymce
The world's #1 JavaScript library for rich text editing. Available for React, Vue and Angular
npm install tinymce
Typescript
Module System
Node Version
NPM Version
93.9
Supply Chain
95.1
Quality
93.8
Maintenance
100
Vulnerability
80.9
License
Updated on 05 Dec 2024
Minified
Minified + Gzipped
TypeScript (94.86%)
HTML (2.53%)
Less (1.68%)
JavaScript (0.84%)
CSS (0.07%)
Makefile (0.01%)
Cumulative downloads
Total Downloads
Last day
2.4%
Compared to previous day
Last week
-5.8%
Compared to previous week
Last month
4.7%
Compared to previous month
Last year
27.3%
Compared to previous year
No dependencies detected.
The world's #1 open source rich text editor.
Using an old version of TinyMCE? We recommend you to upgrade to TinyMCE 7 to continue receiving security updates, or consider TinyMCE 5 LTS if you need more time to upgrade.
Used and trusted by millions of developers, TinyMCE is the world’s most customizable, scalable, and flexible rich text editor. We’ve helped launch the likes of Atlassian, Medium, Evernote (and lots more that we can’t tell you), by empowering them to create exceptional content and experiences for their users.
With more than 350M+ downloads every year, we’re also one of the most trusted enterprise-grade open source HTML editors on the internet. There’s currently more than 100M+ products worldwide, powered by Tiny. As a high powered WYSIWYG editor, TinyMCE is built to scale, designed to innovate, and thrives on delivering results to difficult edge-cases.
You can access a full featured demo of TinyMCE in the docs on the TinyMCE website.
Getting started with the TinyMCE rich text editor is easy, and for simple configurations can be done in less than 5 minutes.
TinyMCE Cloud Deployment Quick Start Guide
TinyMCE Self-hosted Deployment Guide
TinyMCE provides a range of configuration options that allow you to integrate it into your application. Start customizing with a basic setup.
Configure it for one of three modes of editing:
TinyMCE is easily integrated into your projects with the help of components such as:
With over 29 integrations, and 400+ APIs, see the TinyMCE docs for a full list of editor integrations.
It is easy to configure the UI of your rich text editor to match the design of your site, product or application. Due to its flexibility, you can configure the editor with as much or as little functionality as you like, depending on your requirements.
With 50+ powerful plugins available, and content editable as the basis of TinyMCE, adding additional functionality is as simple as including a single line of code.
Realizing the full power of most plugins requires only a few lines more.
Sometimes your editor requirements can be quite unique, and you need the freedom and flexibility to innovate. Thanks to TinyMCE being open source, you can view the source code and develop your own extensions for custom functionality to meet your own requirements.
The TinyMCE API is exposed to make it easier for you to write custom functionality that fits within the existing framework of TinyMCE UI components.
For the professional software teams that require more in-depth efficiency, compliance or collaborative features built to enterprise-grade standards, please get in touch with our team.
Tiny also offers dedicated SLAs and support for professional development teams.
In 2019 the decision was made to transition our codebase to a monorepo. For information on compiling and contributing, see: contribution guidelines.
As an open source product, we encourage and support the active development of our software.
Visit the TinyMCE website and check out the TinyMCE documentation.
Licensed under the terms of GNU General Public License Version 2 or later. For full details about the license, please check the LICENSE.md file.
Stable Version
2
0/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
>= 5.0.0, < 5.1.4
Patched Versions
5.1.4
0/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 4.9.7
Patched Versions
4.9.7
29
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Affected Versions
>= 7.0.0, < 7.2.0
Patched Versions
7.2.0
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Affected Versions
>= 6.0.0, < 6.8.4
Patched Versions
6.8.4
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Affected Versions
< 5.11.0
Patched Versions
5.11.0
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Affected Versions
>= 7.0.0, < 7.2.0
Patched Versions
7.2.0
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Affected Versions
>= 6.0.0, < 6.8.4
Patched Versions
6.8.4
6.1/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Affected Versions
< 5.11.0
Patched Versions
5.11.0
4.3/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Affected Versions
< 6.8.1
Patched Versions
6.8.1
4.3/10
Summary
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Affected Versions
< 7.0.0
Patched Versions
7.0.0
6.1/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 5.9.0
Patched Versions
5.9.0
6.1/10
Summary
Cross-site scripting vulnerability in TinyMCE plugins
Affected Versions
< 5.10.0
Patched Versions
5.10.0
0/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 5.6.0
Patched Versions
5.6.0
0/10
Summary
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 5.6.0
Patched Versions
0/10
Summary
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins
Affected Versions
< 5.10.0
Patched Versions
0/10
Summary
Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 5.9.0
Patched Versions
5.9.0
6.1/10
Summary
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Affected Versions
>= 6.0.0, < 6.7.3
Patched Versions
6.7.3
6.1/10
Summary
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Affected Versions
< 5.10.9
Patched Versions
5.10.9
6.1/10
Summary
TinyMCE XSS vulnerability in notificationManager.open API
Affected Versions
< 5.10.8
Patched Versions
5.10.8
6.1/10
Summary
TinyMCE XSS vulnerability in notificationManager.open API
Affected Versions
>= 6.0.0, < 6.7.1
Patched Versions
6.7.1
6.1/10
Summary
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Affected Versions
< 5.10.8
Patched Versions
5.10.8
6.1/10
Summary
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Affected Versions
>= 6.0.0, < 6.7.1
Patched Versions
6.7.1
5.4/10
Summary
Cross-site scripting vulnerability in TinyMCE alerts
Affected Versions
< 5.10.7
Patched Versions
5.10.7
5.4/10
Summary
Cross-site scripting vulnerability in TinyMCE alerts
Affected Versions
>= 6.0.0, < 6.3.1
Patched Versions
6.3.1
0/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 5.7.1
Patched Versions
5.7.1
6.1/10
Summary
Duplicate Advisory: Cross-site scripting in TinyMCE
Affected Versions
>= 5.0.0, < 5.1.4
Patched Versions
5.1.4
6.1/10
Summary
Duplicate Advisory: Cross-site scripting in TinyMCE
Affected Versions
< 4.9.7
Patched Versions
4.9.7
6.1/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
>= 5.0.0, < 5.4.1
Patched Versions
5.4.1
6.1/10
Summary
Cross-site scripting vulnerability in TinyMCE
Affected Versions
< 4.9.11
Patched Versions
4.9.11
0/10
Summary
XSS in TinyMCE
Affected Versions
>= 5.0.0, < 5.2.2
Patched Versions
5.2.2
0/10
Summary
XSS in TinyMCE
Affected Versions
< 4.9.10
Patched Versions
4.9.10
1
0/10
Summary
Regex denial of service vulnerability in codesample plugin
Affected Versions
< 5.6.0
Patched Versions
5.6.0
Reason
30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
Reason
no binaries found in the repo
Reason
project is fuzzed
Details
Reason
Found 20/21 approved changesets -- score normalized to 9
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
license file detected
Details
Reason
SAST tool detected but not run on all commits
Details
Reason
7 existing vulnerabilities detected
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Score
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More