M

Mermaid Project Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Mermaid Project products.

2 known CVE vulnerabilities tracked

Critical
0
High
0
Medium
2
Low
0
None
0

Vulnerabilities By Year

2
2026

Products Affected

Mermaid 2

All Mermaid Project CVEs

Recent Highest Score Oldest
CVE-2026-41159
5.3 medium

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options

Mermaid May 29, 2026
CVE-2026-41150
5.3 medium

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you then

Mermaid May 29, 2026