mermaid

Mermaid improperly sanitizes sequence diagram labels leading to XSS

Cross-site Scripting in Mermaid

Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Incorrect sanitisation function leads to `XSS` in mermaid

Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Mermaid: Improper sanitization of configuration leads to CSS injection

Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Possible inject arbitrary `CSS` into the generated graph affecting the container HTML

Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection

OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

beautiful-mermaid contains an SVG attribute injection issue that can lead to cross-site scripting (XSS)

Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

Excalidraw vulnerable to XSS via Mermaid sequence diagram labels (KaTeX rendering)

Malicious code in mermaid-v11 (npm)

Malicious code in mcp-mermaid (npm)