Browse all 5 CVE security advisories affecting mermaid-js. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Mermaid-js is a JavaScript-based diagramming and charting tool that enables developers to create visualizations through text-based descriptions. Historically, it has been susceptible to cross-site scripting (XSS) vulnerabilities due to improper input sanitization in rendering functions, with several instances allowing remote code execution through malicious diagram definitions. The project has addressed multiple security flaws, including those enabling arbitrary code execution via crafted diagram syntax, though no major public security incidents have been documented. Despite these vulnerabilities, the tool remains widely adopted for documentation and visualization purposes, with ongoing efforts to improve security through input validation and sandboxed rendering environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-38527 | Cross-site Scripting in ZenUML — zenuml-core (CWE-79) | 5.4 | Medium | 2024-06-26 |