| CVE-2026-41149 | medium | — | 5.5 | 7d ago | Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection |
| CVE-2026-41148 | medium | — | 5.5 | 7d ago | Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection |
| CVE-2026-41159 | medium | — | 5.5 | 18d ago | Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies… |
| CVE-2026-41150 | medium | — | 5.5 | 18d ago | Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, i… |
| CVE-2025-54881 | unknown | — | — | 9mo ago | Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid … |
| CVE-2025-54880 | unknown | — | — | 9mo ago | Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid … |
| CVE-2022-31108 | unknown | — | — | 4y ago | Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary … |
| CVE-2021-43861 | unknown | — | — | 4y ago | Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagr… |
| CVE-2021-35513 | unknown | — | — | 5y ago | Mermaid before 8.11.0 allows XSS when the antiscript feature is used. |