VYPR

npm package

beautiful-mermaid

pkg:npm/beautiful-mermaid

Vulnerabilities (1)

  • CVE-2026-26226MedFeb 13, 2026
    affected < 0.1.3fixed 0.1.3

    beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribut