| Severity | Score | CVE | Advisory | Affected versions |
|---|---|---|---|---|
| HIGH | 7.2 | CVE-2021-43861 | Incorrect sanitisation function leads to `XSS` in mermaid | from 0, < 8.13.8 |
| | | | | from 0, < 8.11.0 |
| MEDIUM | 5.3 | CVE-2026-41159 | Mermaid: Improper sanitization of configuration leads to CSS injection | >= 11.0.0-alpha.1, < 11.15.0 |
| MEDIUM | 5.3 | | Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS | >= 11.0.0-alpha.1, < 11.15.0 |
| MEDIUM | 4.1 | | Possible inject arbitrary `CSS` into the generated graph affecting the container HTML | >= 8.0.0, < 9.1.2 |
| — | | | Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection | >= 11.0.0-alpha.1, < 11.15.0 |
| — | | | Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection | >= 11.0.0-alpha.1, < 11.15.0 |
| — | | | Mermaid improperly sanitizes sequence diagram labels leading to XSS | >= 11.0.0-alpha.1, < 11.10.0 |
| — | | | Mermaid does not properly sanitize architecture diagram iconText leading to XSS | >= 11.1.0, < 11.10.0 |