Lucene search
K

5 matches found

OSV
OSV
added 2026/05/29 3:16 p.m.6 views

UBUNTU-CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/29 1:54 p.m.10 views

EUVD-2026-33325

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/29 1:54 p.m.15 views

CVE-2026-41150 Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 11:16 p.m.22 views

CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS0.00338EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/22 10:3 p.m.22 views

CVE-2026-41148 Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS0.00338EPSS
Exploits0References6
Rows per page
Query Builder