| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-26226 | beautiful-mermaid < 0.1.3 SVG Attribute Injection | lukilabs | beautiful-mermaid | - | - | 2026-02-13 16:35:06 |
| CVE-2025-54881 | Mermaid improperly sanitizes of sequence diagram labels leading to XSS | mermaid-js | mermaid | - | - | 2025-08-19 17:04:29 |
| CVE-2025-54880 | Mermaid does not properly sanitize architecture diagram iconText leading to XSS | mermaid-js | mermaid | - | - | 2025-08-19 16:58:41 |
| CVE-2024-53748 | WordPress WP Mermaid plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | Terry L. | WP Mermaid | Medium | 6.5 | 2024-12-01 21:23:15 |
| CVE-2024-38527 | Cross-site Scripting in ZenUML | mermaid-js | zenuml-core | Medium | 5.4 | 2024-06-26 19:33:47 |
| CVE-2022-46180 | Arbitrary HTML injection in discourse-mermaid-theme-component | discourse | discourse-mermaid-theme-component | Medium | 5.0 | 2023-01-04 16:44:54 |
| CVE-2022-36036 | Improper Control of Generation of Code ('Code Injection') in mdx-mermaid | sjwall | mdx-mermaid | Low | 3.6 | 2022-08-29 17:20:10 |
| CVE-2022-31108 | Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js | mermaid-js | mermaid | Medium | 4.1 | 2022-06-28 18:35:11 |
| CVE-2021-43861 | Incorrect sanitisation function leads to `XSS` | mermaid-js | mermaid | High | 7.2 | 2021-12-30 13:40:11 |