You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Under the default configuration, Mermaid state diagram's classDef allow DOM injection that escapes the SVG, although <script> tags are removed, preventing XSS.
If you can not update to a patched version, setting "securityLevel": "sandbox" will prevent this, by rendering the mermaid diagram in a sandboxed <iframe>.
Credits
Thanks to @zsxsoft from @KeenSecurityLab for reporting this vulnerability.
The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures classDef values with an unrestricted regex:
The value passes unsanitized through addStyleClass() -> createCssStyles() -> style.innerHTML (mermaidAPI.ts:418). A } in the value closes the generated CSS selector, and everything after becomes a new CSS rule on the page.
PoC
stateDiagram-v2
classDef x }*{ background-image: url("http://media.giphy.com/media/SggILpMXO7Xt6/giphy.gif")}
Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options.
%%{init: {"fontFamily": "x;a{b} :not(&){background:green !important} c{d}"}}%%
flowchart LR
A --> B
The injected CSS exploits stylis's & (scope reference) handling. :not(&) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level.
This allows page defacement and DOM attribute exfiltration via CSS :has() selectors.
If you can't upgrade mermaid, you can set the secure config value in the mermaid config to avoid allowing diagrams to modify fontFamily, themeCSS, altFontFamily, and themeVariables.
Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates.
Example:
gantt
excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday
DoS :2025-01-01, 1d
mermaid.parse is unaffected, unless you then call the ganttDb.getTasks() (which is called when rendering a diagram).
In Data flow diagrams, a datastore/warehouse/file/database is used to represent data persistence. It is denoted by a rectangle with only top and bottom borders, and can be used in flowcharts with A@{ shape: datastore, label: "Datastore" }.
#770727db774 Thanks @txmxthy! - feat(architecture): expose four fcose layout knobs for architecture-beta diagrams (nodeSeparation, idealEdgeLengthMultiplier, edgeElasticity, numIter) so authors can tune layout density and spread overlapping siblings without changing diagram source
#7604bf9502f Thanks @M-a-c! - feat(class): add nested namespace support for class diagrams via dot notation and syntactic nesting
If you have namespaces in class diagrams that use .s already and want to render them without nesting (≤v11.14.0 behaviour), you can use set class.hierarchicalNamespaces=false in your mermaid config:
#75781f98db8 Thanks @Gaston202! - fix(class): self-referential class multiplicity labels no longer rendered multiple times
Fixes #7560. Resolves an issue where cardinality labels on self-referential class relationships were rendered three times due to edge splitting in the dagre layout. The fix ensures that each sub-edge only carries its relevant label positions.
#75922343e38 Thanks @knsv-bot! - fix(sequence): add background box behind alt/else section title labels in sequence diagrams
#75897fb9509 Thanks @NYCU-Chung! - fix(block): prevent column widths from shrinking when mixing different column spans
#76323f9e0f1 Thanks @ekiauhce! - fix(sequence): correct messageAlign label position for right-to-left arrows in sequence diagrams
Multi-word names containing hyphens — e.g. real-time processing, end-user, on-call engineer — now parse without quoting, bringing the grammar in line with the OnlineWardleyMaps (OWM) convention. A->B (no-space arrow) still tokenises correctly.
#75235144ed4 Thanks @darshanr0107! - fix(block): Arrow blocks in block-beta diagrams not spanning the specified number of columns when using :n syntax.
#7693afaf306 Thanks @dull-bird! - fix(quadrant-chart): allow CJK, emoji, Latin-1 accented characters, and other non-ASCII text in unquoted axis/quadrant/point labels.
Previously the lexer only matched ASCII [A-Za-z]+ for text tokens, even though the grammar referenced UNICODE_TEXT. Bare Chinese, Japanese, Korean, emoji, and accented Latin characters in labels caused a parse error. Added a [^\x00-\x7F]+ lexer rule to emit UNICODE_TEXT and included it in the alphaNumToken grammar rule.
No successful run was found on main (106fa84) during the generation of this report, so a5461e6 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dependenciesPull requests that update a dependency file
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
11.14.0→11.15.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Mermaid: Improper sanitization of
classDefin state diagrams leads to HTML injectionCVE-2026-41149 / GHSA-ghcm-xqfw-q4vr
More information
Details
Impact
Under the default configuration, Mermaid state diagram's
classDefallow DOM injection that escapes the SVG, although<script>tags are removed, preventing XSS.Proof-of-concept
Patches
Workarounds
If you can not update to a patched version, setting
"securityLevel": "sandbox"will prevent this, by rendering the mermaid diagram in a sandboxed<iframe>.Credits
Thanks to @zsxsoft from @KeenSecurityLab for reporting this vulnerability.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Mermaid: Improper sanitization of
classDefsin diagrams leads to CSS injectionCVE-2026-41148 / GHSA-xcj9-5m2h-648r
More information
Details
Details
The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures
classDefvalues with an unrestricted regex:The value passes unsanitized through
addStyleClass()->createCssStyles()->style.innerHTML(mermaidAPI.ts:418). A}in the value closes the generated CSS selector, and everything after becomes a new CSS rule on the page.PoC
Live demo:
https://mermaid.live/edit#pako:eNpFjzFvgzAQhf-KdVNbEcBgMHhtlkqtOnSJKi8ONsYKBmRMlRTx3-skanvTfbp7996t0IxSAYPZC6_2Rmgn7O4rQ00v5nmvWnRG29OKjqI5aTcug9wZK7RiaHH9A4fO-4kliVXSiFibqbvEzWjvnHxo_fI6vR3e6cGXyX2qTcvhcYMItDMSmHeLisAqZ8UVYeUDQhx8p6ziwEIrhTtx4MNVM4nhcxztrywE0h2wVvRzoGWS_z_8rahBKvcckntgmN5OAFvhDIzUNCZZQXCR5nVaZkUEF2BVFpOcEkoxxhUuyRbB980yjStapKHqoKFlhvPtB7BFZEU
Patches
This has been patched in:
Workarounds
Setting
"securityLevel": "sandbox"will prevent this, by rendering the mermaid diagram in a sandboxed<iframe>.Impact
Enables page defacement, user tracking via
url()callbacks, and DOM attribute exfiltration via CSS:has()selectors.Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Mermaid: Improper sanitization of configuration leads to CSS injection
CVE-2026-41159 / GHSA-87f9-hvmw-gh4p
More information
Details
Impact
Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the
fontFamily,themeCSS, andaltFontFamilyconfiguration options.Live demo: mermaid.live
Example code:
The injected CSS exploits stylis's
&(scope reference) handling.:not(&)escapes the#mermaid-xxxautomatic scoping, applying styles to all page elements. Global at-rules (@font-face,@keyframes,@counter-style) are also injectable as stylis hoists them to top level.This allows page defacement and DOM attribute exfiltration via CSS
:has()selectors.Patches
Workarounds
If you can't upgrade mermaid, you can set the
secureconfig value in the mermaid config to avoid allowing diagrams to modifyfontFamily,themeCSS,altFontFamily, andthemeVariables.Setting
"securityLevel": "sandbox"will also prevent this.Credits
Reported by @zsxsoft on behalf of @KeenSecurityLab
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
CVE-2026-41150 / GHSA-6m6c-36f7-fhxh
More information
Details
Impact
Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the
excludesattribute to exclude all dates.Example:
mermaid.parseis unaffected, unless you then call theganttDb.getTasks()(which is called when rendering a diagram).Patches
This has been patched in:
Workarounds
There are no workarounds available without updating to a newer version of mermaid.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
mermaid-js/mermaid (mermaid)
v11.15.0Compare Source
Minor Changes
#7174
0aca217Thanks @milesspencer35! - feat(sequence): Add support for decimal start and increment values in theautonumberdirective#7512
8e17492Thanks @aruncveli! - feat(flowchart): add datastore shapeIn Data flow diagrams, a datastore/warehouse/file/database is used to represent data persistence. It is denoted by a rectangle with only top and bottom borders, and can be used in flowcharts with
A@{ shape: datastore, label: "Datastore" }.#6440
9ad8ddeThanks @yordis, @lgazo! - feat: add Event Modeling diagram#7707
27db774Thanks @txmxthy! - feat(architecture): expose four fcose layout knobs forarchitecture-betadiagrams (nodeSeparation,idealEdgeLengthMultiplier,edgeElasticity,numIter) so authors can tune layout density and spread overlapping siblings without changing diagram source#7604
bf9502fThanks @M-a-c! - feat(class): add nested namespace support for class diagrams via dot notation and syntactic nestingIf you have namespaces in class diagrams that use
.s already and want to render them without nesting (≤v11.14.0 behaviour), you can use setclass.hierarchicalNamespaces=falsein your mermaid config:#7272
88cdd3dThanks @xinbenlv! - feat(sankey): add outlined label style, configurable nodeWidth/nodePadding, and custom node colorsPatch Changes
#7737
e9b0f34Thanks @ashishjain0512! - fix: prevent unbalanced CSS styles in classDefs#7737
37ff937Thanks @ashishjain0512! - fix: create CSS styles using the CSSOMThis removes some invalid CSS and normalizes some CSS formatting.
#7508
bfe60ccThanks @biiab! - fix(stateDiagram):end notenow only closes a note when used on a new line#7737
faafb5dThanks @ashishjain0512! - fix(gantt): add iteration limit forexcludesfield#7737
65f8be2Thanks @ashishjain0512! - fix: disallow some CSS at-rules in custom CSS#7726
1502f32Thanks @aloisklink! - fix(wardley): fix unnecessary sanitization of text#7578
1f98db8Thanks @Gaston202! - fix(class): self-referential class multiplicity labels no longer rendered multiple timesFixes #7560. Resolves an issue where cardinality labels on self-referential class relationships were rendered three times due to edge splitting in the dagre layout. The fix ensures that each sub-edge only carries its relevant label positions.
#7592
2343e38Thanks @knsv-bot! - fix(sequence): add background box behind alt/else section title labels in sequence diagrams#7589
7fb9509Thanks @NYCU-Chung! - fix(block): prevent column widths from shrinking when mixing different column spans#7632
3f9e0f1Thanks @ekiauhce! - fix(sequence): correct messageAlign label position for right-to-left arrows in sequence diagrams#7642
7a8fb85Thanks @tractorjuice! - fix(wardley): allow hyphens in unquoted component namesMulti-word names containing hyphens — e.g.
real-time processing,end-user,on-call engineer— now parse without quoting, bringing the grammar in line with the OnlineWardleyMaps (OWM) convention.A->B(no-space arrow) still tokenises correctly.#7523
5144ed4Thanks @darshanr0107! - fix(block): Arrow blocks in block-beta diagrams not spanning the specified number of columns when using:nsyntax.#7262
13d9bfaThanks @darshanr0107! - fix(block): Ensure block diagram hexagon blocks respect column spanning syntax#7684
e14bb88Thanks @aloisklink! - fix: loosenuuiddependency range to allow v14Mermaid does not use any of the vulnerable code in CVE-2026-41907,
but this allows users to silence any
npm auditalerts on it.#7633
9217c0dThanks @Felix-Garci! - fix(block): add support for all arrow types in block diagrams#7587
5e7eb62Thanks @MaddyGuthridge! - chore: drop lodash-es in favour of es-toolkit#7693
afaf306Thanks @dull-bird! - fix(quadrant-chart): allow CJK, emoji, Latin-1 accented characters, and other non-ASCII text in unquoted axis/quadrant/point labels.Previously the lexer only matched ASCII
[A-Za-z]+for text tokens, even though the grammar referencedUNICODE_TEXT. Bare Chinese, Japanese, Korean, emoji, and accented Latin characters in labels caused a parse error. Added a[^\x00-\x7F]+lexer rule to emitUNICODE_TEXTand included it in thealphaNumTokengrammar rule.Fixes #7120.
#7737
4755553Thanks @ashishjain0512! - fix: improve D3 types for mermaidAPI funcs#7737
6476973Thanks @ashishjain0512! - fix: handle&when namespacing CSS rules#7520
8c1a0c1Thanks @RodrigojndSantos! - fix(stateDiagram): comments starting with one%are no longer treated as commentsSwitch to using two
%%if you want to write a comment.Updated dependencies [
7a8fb85,675a64c]:Configuration
📅 Schedule: (in timezone Asia/Shanghai)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.