OsVault/npm/mermaid
npm

mermaid

8 known vulnerabilities · 0 critical · 1 high

CVE-2025-54881

Mermaid improperly sanitizes sequence diagram labels leading to XSS

Published Aug 19, 2025
CVE-2021-35513MEDIUM

Cross-site Scripting in Mermaid

Published Dec 10, 2021
CVE-2022-31108MEDIUM

Possible inject arbitrary `CSS` into the generated graph affecting the container HTML

Published Jul 5, 2022
CVE-2025-54880

Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Published Aug 19, 2025
CVE-2021-43861HIGH

Incorrect sanitisation function leads to `XSS` in mermaid

Published Jan 6, 2022
CVE-2026-32308

OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

Published Mar 13, 2026
CVE-2026-26226

beautiful-mermaid contains an SVG attribute injection issue that can lead to cross-site scripting (XSS)

Published Feb 13, 2026
CVE-2022-36036LOW

Improper Control of Generation of Code ('Code Injection') in mdx-mermaid

Published Aug 31, 2022
Check your entire dependency tree at onceRun dependency scan →