All 4 CVE vulnerabilities found in mermaid, with AI-generated Chinese analysis, references, and POCs.
Vendor: mermaid-js
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54881 | Mermaid improperly sanitizes sequence diagram labels leading to XSS (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-08-19 |
| CVE-2025-54880 | Mermaid does not properly sanitize architecture diagram iconText leading to XSS (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-08-19 |
| CVE-2022-31108 | Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js (CWE-74) | 4.1 | Medium | 2022-06-28 |
| CVE-2021-43861 | Incorrect sanitisation function leads to `XSS` (CWE-79) | 7.2 | High | 2021-12-30 |