Package impact
NPM / mermaid
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41149 | medium | — | 5.5 | | | | 7d ago | Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection |
| CVE-2026-41148 | medium | — | 5.5 | | | | 7d ago | Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection |
| CVE-2026-41159 | medium | — | 5.5 | | | | 18d ago | Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies… |
| CVE-2026-41150 | medium | — | 5.5 | | | | 18d ago | Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, i… |