Debian Node-Mermaid vulnerabilities

7 known vulnerabilities affecting debian/node-mermaid.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4, LOW 2

Vulnerabilities

CVE-2025-54881 | Severity: LOW | CVSS 5.3 | Year: 2025 | Source: debian
[MEDIUM] CVE-2025-54881: node-mermaid - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS. Scope: local bullse
CVE-2025-54880 | Severity: LOW | CVSS 5.1 | Year: 2025 | Source: debian
[MEDIUM] CVE-2025-54880: node-mermaid - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() method, creating a sink for cross site scripting. This vulnerabi
CVE-2022-48345 | Severity: MEDIUM | CVSS 6.1 | Year: 2022 | Source: debian
[MEDIUM] CVE-2022-48345: node-mermaid - sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. Scope: local bullseye: open
CVE-2022-31108 | Severity: MEDIUM | CVSS 4.1 | Year: 2022 | Source: debian
[MEDIUM] CVE-2022-31108: node-mermaid - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by
CVE-2021-43861 | Severity: HIGH | CVSS 7.2 | Year: 2021 | Fixed in node-mermaid 8.7.0+ds+~cs27.17.17-3+deb11u2 (bullseye) | Source: debian
[HIGH] CVE-2021-43861: node-mermaid - Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgra
CVE-2021-23648 | Severity: MEDIUM | CVSS 5.4 | Year: 2021 | Fixed in node-mermaid 8.7.0+ds+~cs27.17.17-3+deb11u1 (bullseye) | Source: debian
[MEDIUM] CVE-2021-23648: node-mermaid - The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. Scope: local bullseye: resolved (fixed in 8.7.0+ds+~cs27.17.17-3+deb11u1)
CVE-2021-35513 | Severity: MEDIUM | CVSS 6.1 | Year: 2021 | Fixed in node-mermaid 8.7.0+ds+~cs27.17.17-3 (bullseye) | Source: debian
[MEDIUM] CVE-2021-35513: node-mermaid - Mermaid before 8.11.0 allows XSS when the antiscript feature is used. Scope: local bullseye: resolved (fixed in 8.7.0+ds+~cs27.17.17-3)