VYPR
Vendor

Mermaid Js

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2021-43861HigDec 30, 2021
    risk 0.40cvss 7.2epss 0.01

    Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade…

  • CVE-2025-54881MedAug 19, 2025
    risk 0.28cvss epss 0.01

    Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed…

  • CVE-2024-38527MedJun 26, 2024
    risk 0.28cvss 5.4epss 0.00

    ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment…

  • CVE-2026-41159MedMay 29, 2026
    risk 0.27cvss 5.3epss 0.00

    Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily…

  • CVE-2026-41150MedMay 29, 2026
    risk 0.27cvss 5.3epss 0.00

    Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is…

  • CVE-2026-41149MedMay 22, 2026
    risk 0.27cvss epss 0.00

    Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive…

  • CVE-2026-41148MedMay 22, 2026
    risk 0.27cvss epss 0.00

    Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram (and any other…

  • CVE-2022-31108MedJun 28, 2022
    risk 0.20cvss 4.1epss 0.01

    Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements…

  • CVE-2025-54880Aug 19, 2025
    risk 0.00cvss epss 0.00

    Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed…