CVE-2026-41150
- EPSS 0.38%
- Published 29.05.2026 13:54:52
- Last modified 01.06.2026 18:37:37
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all da...
CVE-2026-41159
- EPSS 0.4%
- Published 29.05.2026 13:53:10
- Last modified 01.06.2026 18:38:02
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily,...
CVE-2025-54880
- EPSS 0.34%
- Published 19.08.2025 16:58:41
- Last modified 20.10.2025 15:12:18
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for archite...
CVE-2022-31108
- EPSS 0.85%
- Published 28.06.2022 19:15:09
- Last modified 21.11.2024 07:03:54
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to cha...
CVE-2021-43861
- EPSS 0.91%
- Published 30.12.2021 14:15:07
- Last modified 21.11.2024 06:29:57
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run JavaScript code at diagram readers' mac...
CVE-2021-35513
- EPSS 1.02%
- Published 27.06.2021 12:15:08
- Last modified 21.11.2024 06:12:24
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.