To report a vulnerability, please e-mail security@mermaid.live with a description of the issue, the steps you took to create the issue, affected versions, and if known, mitigation for the issue.
Security: mermaid-js/mermaid
Security
SECURITY.md
-
Prototype pollution in bundled version of DOMPurifyGHSA-m4gq-x24j-jpmf published
Oct 22, 2024 by aloisklinkHigh -
Possible inject arbitrary `CSS` into the generated graph affecting the container HTMLGHSA-x3vm-38hw-55wf published
Jun 28, 2022 by knsvModerate -
Incorrect sanitisation function leads to `XSS`GHSA-p3rp-vmj9-gv6v published
Dec 29, 2021 by knsvHigh
Learn more about advisories related to mermaid-js/mermaid in the GitHub Advisory Database