DevGuard Logo

🛡️ DevGuard
Group
/📚 DevGuard Documentation
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2025-54880

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() method, creating a sink for cross site scripting. This vulnerability is fixed in 11.10.0.

Open
LOW (0.3)
  • logo

    System detected CVE-2025-54880

    sbom-documentation
  • logo

    System

    sbom-documentation
  • logo

    System updated the risk assessment from 0 to 0.3

    0.1.0

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 0.3 to 0.6

    0.1.0

    System recalculated raw risk assessment

  • logo

    System fixed CVE-2025-54880

    0.1.0
  • logo

    System detected CVE-2025-54880 with a risk of 0.3

    0.1.0

Add a comment

Mark as False Positive
Last calculated at:

Affected component

mermaid

Installed version:
11.4.0
Fixed in:
11.10.0
Show in dependency graph

Quick Fix

Update all Dependencies
Update only mermaid

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5