CVE-2025-54881

Mermaid is a JavaScript-based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 through 11.9.0, user-supplied text for sequence diagram labels is assigned to innerHTML while the element's size is being calculated, so markup embedded in a label is parsed by the browser and can execute as cross-site scripting (XSS). The installed version 11.4.0 falls inside that range; 11.10.0 is the first fixed release.

Open
LOW (0.3)
  • System detected CVE-2025-54881

  • System updated the risk assessment from 0 to 0.32 (raw risk assessment recalculated)

  • System updated the risk assessment from 0.32 to 0.65 (raw risk assessment recalculated)

  • System fixed CVE-2025-54881

  • System detected CVE-2025-54881 with a risk of 0.32

Affected component

mermaid

Installed version:
11.4.0
Fixed in:
11.10.0
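As an added example (this is not DevGuard's or mermaid's own code), the script below turns the range stated on this page into a version check with correct prerelease ordering, so that 10.9.0-rc.1 is flagged but 10.9.0-rc.0 is not, and scans a package-lock.json "packages" map for every mermaid copy, including nested ones. The lock object and the package name `some-docs-tool` are constructed for the demonstration.

```javascript
// Added example: is an installed mermaid inside the affected range reported on
// this page (10.9.0-rc.1 through 11.9.0, fixed in 11.10.0)? Not DevGuard's or
// mermaid's code. The lock object near the bottom is constructed sample data.

// Parse "MAJOR.MINOR.PATCH[-PRERELEASE][+BUILD]"; build metadata is ignored.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/
    .exec(String(v).trim());
  if (!m) throw new Error(`not a semver string: ${v}`);
  return {
    core: [Number(m[1]), Number(m[2]), Number(m[3])],
    // null marks a release, which sorts after any prerelease of the same core.
    pre: m[4] ? m[4].split('.') : null,
  };
}

// Prerelease ordering per semver 2.0.0 item 11: numeric identifiers compare
// numerically and rank below alphanumeric ones; a shorter list ranks lower.
function comparePre(a, b) {
  if (a === null && b === null) return 0;
  if (a === null) return 1;
  if (b === null) return -1;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    if (i >= a.length) return -1;
    if (i >= b.length) return 1;
    const x = a[i], y = b[i];
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) {
      if (Number(x) !== Number(y)) return Number(x) < Number(y) ? -1 : 1;
    } else if (xn) {
      return -1;
    } else if (yn) {
      return 1;
    } else if (x !== y) {
      return x < y ? -1 : 1;
    }
  }
  return 0;
}

// Returns -1, 0 or 1 like a comparator.
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] < pb.core[i] ? -1 : 1;
  }
  return comparePre(pa.pre, pb.pre);
}

// Bounds taken from the advisory text on this page.
const CVE_2025_54881 = { first: '10.9.0-rc.1', last: '11.9.0', fixed: '11.10.0' };

// Inclusive range test: first <= installed <= last.
function isAffected(installed, range = CVE_2025_54881) {
  return compareSemver(installed, range.first) >= 0 &&
         compareSemver(installed, range.last) <= 0;
}

// Walk a lockfileVersion 2/3 "packages" map (keys are install paths) and report
// every mermaid copy, including copies nested under other dependencies.
function findMermaid(lock, range = CVE_2025_54881) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/mermaid') || !meta.version) continue;
    out.push({ path, version: meta.version, affected: isAffected(meta.version, range) });
  }
  return out;
}

// Constructed sample lock: a direct copy at the version this page reports as
// installed, and a nested copy (under a hypothetical "some-docs-tool") that is
// already on the fixed release.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/mermaid': { version: '11.4.0' },
    'node_modules/some-docs-tool': { version: '2.0.0' },
    'node_modules/some-docs-tool/node_modules/mermaid': { version: '11.10.0' },
  },
};

for (const hit of findMermaid(SAMPLE_LOCK)) {
  const verdict = hit.affected
    ? `AFFECTED, upgrade to >= ${CVE_2025_54881.fixed}`
    : 'not affected';
  console.log(`${hit.path}@${hit.version}: ${verdict}`);
}
```

The prerelease handling is the part worth keeping: a naive string or numeric comparison would either miss 10.9.0-rc.1 or wrongly flag 10.9.0-rc.0, and both mistakes are common in home-grown lockfile scanners.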



Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5