Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

mermaid

View on npm registry
11 Total advisories
11 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
npm

CVE-2026-41159

Mermaid: Improper sanitization of configuration leads to CSS injection
MEDIUM 5.3
npm

CVE-2026-41150

Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
UNKNOWN
npm

CVE-2026-41148

Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
UNKNOWN
npm

CVE-2026-41149

Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
HIGH 7.2
npm

CVE-2021-43861

Incorrect sanitisation function leads to `XSS` in mermaid
UNKNOWN
npm

CVE-2025-54881

Mermaid improperly sanitizes sequence diagram labels leading to XSS
UNKNOWN
npm

CVE-2025-54880

Mermaid does not properly sanitize architecture diagram iconText leading to XSS
HIGH 7.0
npm

GHSA-m4gq-x24j-jpmf

Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
MEDIUM 4.1
npm

CVE-2022-31108

Possible inject arbitrary `CSS` into the generated graph affecting the container HTML
MEDIUM 6.1
npm

CVE-2021-35513

Cross-site Scripting in Mermaid
UNKNOWN
npm

GHSA-w32g-5hqp-gg6q

Cross-Site Scripting in mermaid

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes