pkg:npm/mermaid

所有已知漏洞

• HIGH7.2CVE-2021-43861Incorrect sanitisation function leads to `XSS` in mermaid
  from 0, < 8.13.8
• MEDIUM6.1CVE-2021-35513Cross-site Scripting in Mermaid
  from 0, < 8.11.0
• MEDIUM5.3CVE-2026-41159Mermaid: Improper sanitization of configuration leads to CSS injection
  >= 11.0.0-alpha.1, < 11.15.0
• MEDIUM5.3CVE-2026-41150Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
  >= 11.0.0-alpha.1, < 11.15.0
• MEDIUM4.1CVE-2022-31108Possible inject arbitrary `CSS` into the generated graph affecting the container HTML
  >= 8.0.0, < 9.1.2
• —CVE-2026-41149Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
  >= 11.0.0-alpha.1, < 11.15.0
• —CVE-2026-41148Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
  >= 11.0.0-alpha.1, < 11.15.0
• —CVE-2025-54881Mermaid improperly sanitizes sequence diagram labels leading to XSS
  >= 11.0.0-alpha.1, < 11.10.0
• —CVE-2025-54880Mermaid does not properly sanitize architecture diagram iconText leading to XSS
  >= 11.1.0, < 11.10.0