mermaid-js — Vulnerabilities & Security Advisories 5

Browse all 5 CVE security advisories affecting mermaid-js. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by mermaid-js:mermaid zenuml-core

CVE ID	Title	CVSS	Severity	Published
CVE-2025-54881	Mermaid improperly sanitizes of sequence diagram labels leading to XSS — mermaidCWE-79	5.4^AI	Medium^AI	2025-08-19
CVE-2025-54880	Mermaid does not properly sanitize architecture diagram iconText leading to XSS — mermaidCWE-79	5.4^AI	Medium^AI	2025-08-19
CVE-2024-38527	Cross-site Scripting in ZenUML — zenuml-coreCWE-79	5.4	Medium	2024-06-26
CVE-2022-31108	Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js — mermaidCWE-74	4.1	Medium	2022-06-28
CVE-2021-43861	Incorrect sanitisation function leads to `XSS` — mermaidCWE-79	7.2	High	2021-12-30

This page lists every published CVE security advisory associated with mermaid-js. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

mermaid-js — Vulnerabilities & Security Advisories 5