Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package mermaid, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2021-43861 — CVSS 7.2 (high): Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and…
CVE-2025-54880 — CVSS 6.1 (medium): Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and…
CVE-2026-41149: Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as…
CVE-2026-41150 — CVSS 5.3 (medium): Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there…
CVE-2026-41159 — CVSS 5.3 (medium): Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0…
CVE-2025-54881: Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and…
CVE-2026-41148: Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in…
CVE-2022-31108 — CVSS 4.1 (medium): Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and…