Linux Distros Unpatched Vulnerability : CVE-2026-41159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default...
EUVD-2026-33324
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...
Linux Distros Unpatched Vulnerability : CVE-2026-41149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1...
Mermaid Code Injection Vulnerability
Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Mermaid versions 10.9.5 and earlier, as well as versions 11.0.0-alpha.1 through 11.12.0, have a code injection vulnerability. This vulnerability stems from improper cleanup...
io.quarkus:quarkus-vertx-http-deployment (>=2.11.0.CR1 <=3.3.3) potentially affected by CVE-2026-41149 via org.webjars.npm:mermaid (>=9.1.1 <=9.4.0)
org.webjars.npm:mermaid MAVEN version =9.1.1, =2.11.0.CR1, =3.3.3 Source cves: CVE-2026-41149 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16642051...
Arbitrary Code Injection
Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of input passed to the addStyleClass function. An attacker can inject...
GHSA-26GQ-GRMH-6XM6 Gogs vulnerable to Stored XSS via Mermaid diagrams
Summary Stored XSS via mermaid diagrams due to usage of vulnerable renderer library Details Gogs introduced support for rendering mermaid diagrams in version 0.13.0. Currently used version of the library mermaid 11.9.0 is vulnerable to at least two XSS scenarios with publicly available payloads...
CVE-2025-68669
CVE-2025-68669 affects 5ire, a cross-platform desktop AI assistant. In versions 0.15.2 and earlier, RCE is possible in useMarkdown.ts because the markdown-it-mermaid plugin is initialized with securityLevel: 'loose', which allows HTML in Mermaid diagram nodes. The issue has not been patched at pu...
EUVD-2018-11262
Malware in sbrugna...
Cross-Site Scripting (XSS)
Mermaid is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to user-supplied input for architecture diagram icons being passed to the d3 html method, which allows an attacker to inject and execute malicious scripts...
Cross-site Scripting (XSS)
Overview mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the calculateMathMLDimensions function, which was introduced in 5c69e5f. An attacker can execute...
CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...
CVE-2025-54880
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...
Mermaid Security Vulnerability
Mermaid is an open-source application from mermaid-js that creates diagrams and visualizations using text and code. A security vulnerability exists in Mermaid 11.9.0 and earlier versions, which stems from user-entered architecture diagram icons being passed to the d3 html method, potentially leading to...
PT-2025-33815 · Mermaid +1 · Mermaid +1
Name of the Vulnerable Software and Affected Versions: Mermaid versions prior to 11.10.0 Description: Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration,...
PT-2025-33816
Name of the Vulnerable Software and Affected Versions: Mermaid versions 10.9.0-rc.1 through 11.9.0 Description: Mermaid is a JavaScript-based diagramming and charting tool that utilizes Markdown-inspired text definitions and a renderer to create and modify diagrams. In the default configuration,...
Cursor Code Issue Vulnerability
Cursor is an AI code editor open-sourced by Cursor. A code issue vulnerability exists in Cursor versions prior to 1.3 that stems from Mermaid allowing embedded images, which could lead to the disclosure of sensitive information...
CVE-2022-36036
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
PT-2024-35857 · WordPress · Wp Mermaid
Name of the Vulnerable Software and Affected Versions: WP Mermaid versions 1.0.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious scripts into the...
@guild-docs/client (>=2.0.0 <=4.0.0-alpha-b500768.0) potentially affected by CVE-2022-36036 via mdx-mermaid (=1.2.2)
mdx-mermaid NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on mdx-mermaid and may be impacted: - @guild-docs/client =2.0.0, =4.0.0-alpha-b500768.0 Source cves: CVE-2022-36036 Source advisory: OSV:GHSA-RVGM-35JW-Q628...