NodeJS/mermaid/10.9.2
Markdown-ish syntax for generating flowcharts, mindmaps, sequence diagrams, class diagrams, gantt charts, git graphs and more.
https://www.npmjs.com/package/mermaid
MIT
1 Security Vulnerabilities
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
- https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674
- https://github.com/mermaid-js/mermaid/security/advisories/GHSA-m4gq-x24j-jpmf
- https://github.com/mermaid-js/mermaid/commit/6c785c93166c151d27d328ddf68a13d9d65adc00
- https://github.com/mermaid-js/mermaid/commit/92a07ffe40aab2769dd1c3431b4eb5beac282b34
- https://github.com/advisories/GHSA-m4gq-x24j-jpmf
The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack.
This affects the built:
dist/mermaid.min.js
dist/mermaid.js
dist/mermaid.esm.mjs
dist/mermaid.esm.min.mjs
This will also affect users that use the above files via a CDN link, e.g. https://cdn.jsdelivr.net/npm/mermaid@10.9.2/dist/mermaid.min.js
Users that use the default NPM export of mermaid
, e.g. import mermaid from 'mermaid'
, or the dist/mermaid.core.mjs
file, do not use this bundled version of DOMPurify, and can easily update using their package manager with something like npm audit fix
.
Patches
develop
branch: 6c785c93166c151d27d328ddf68a13d9d65adc00- backport to v10: 92a07ffe40aab2769dd1c3431b4eb5beac282b34
235 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
7.0.12 | MIT | 4 | 2017-09-10 - 14:58 | about 7 years |
7.0.11 | MIT | 4 | 2017-09-09 - 13:49 | about 7 years |
7.0.10 | MIT | 4 | 2017-09-08 - 16:58 | about 7 years |
7.0.9 | MIT | 4 | 2017-09-06 - 03:15 | about 7 years |
7.0.8 | MIT | 4 | 2017-09-03 - 14:18 | about 7 years |
7.0.7 | MIT | 4 | 2017-09-02 - 15:43 | about 7 years |
7.0.6 | MIT | 4 | 2017-09-01 - 13:41 | about 7 years |
7.0.5 | MIT | 4 | 2017-09-01 - 10:39 | about 7 years |
7.0.4 | MIT | 4 | 2017-08-16 - 16:03 | about 7 years |
7.0.3 | MIT | 4 | 2017-06-04 - 04:19 | over 7 years |
7.0.2 | MIT | 4 | 2017-06-01 - 05:42 | over 7 years |
7.0.1 | MIT | 4 | 2017-06-01 - 05:13 | over 7 years |
7.0.0 | MIT | 4 | 2017-01-29 - 11:15 | almost 8 years |
6.0.0 | MIT | 4 | 2016-05-29 - 17:27 | over 8 years |
0.5.8 | MIT | 4 | 2016-01-27 - 14:06 | almost 9 years |
0.5.7 | MIT | 4 | 2016-01-25 - 18:12 | almost 9 years |
0.5.6 | MIT | 4 | 2015-11-22 - 18:09 | almost 9 years |
0.5.5 | MIT | 4 | 2015-10-21 - 19:15 | about 9 years |
0.5.4 | MIT | 4 | 2015-10-19 - 20:09 | about 9 years |
0.5.3 | MIT | 4 | 2015-10-04 - 21:29 | about 9 years |
0.5.2 | MIT | 4 | 2015-10-04 - 21:09 | about 9 years |
0.5.1 | MIT | 4 | 2015-06-21 - 15:27 | over 9 years |
0.5.0 | MIT | 4 | 2015-06-07 - 15:06 | over 9 years |
0.4.0 | MIT | 4 | 2015-03-01 - 15:52 | over 9 years |
0.3.5 | MIT | 4 | 2015-02-15 - 18:38 | over 9 years |
0.3.4 | MIT | 4 | 2015-02-15 - 17:16 | over 9 years |
0.3.3 | MIT | 4 | 2015-01-25 - 15:46 | almost 10 years |
0.3.2 | MIT | 4 | 2015-01-11 - 14:13 | almost 10 years |
0.3.0 | MIT | 4 | 2014-12-22 - 12:55 | almost 10 years |
0.2.16 | MIT | 4 | 2014-12-15 - 18:44 | almost 10 years |
0.2.15 | BSD-2-Clause | 4 | 2014-12-05 - 09:56 | almost 10 years |
0.2.14 | BSD-2-Clause | 4 | 2014-12-03 - 18:36 | almost 10 years |
0.2.13 | BSD-2-Clause | 4 | 2014-12-03 - 18:29 | almost 10 years |
0.2.12 | BSD-2-Clause | 4 | 2014-12-02 - 18:03 | almost 10 years |
0.2.11 | BSD-2-Clause | 4 | 2014-12-02 - 17:39 | almost 10 years |