VYPR

npm package

@tiptap/extension-link

pkg:npm/%40tiptap/extension-link

Vulnerabilities (1)

  • CVE-2025-14284MedDec 9, 2025
    affected < 2.10.4fixed 2.10.4

    Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascr