CVE-2025-54881

Name of the Vulnerable Software and Affected Versions: Mermaid versions 10.9.0-rc.1 through 11.9.0

Description: Mermaid is a JavaScript-based diagramming and charting tool that utilizes Markdown-inspired text definitions and a renderer to create and modify diagrams. In the default configuration, user-supplied input for sequence diagram labels is passed to innerHTML during element size calculation, leading to a cross-site scripting (XSS) issue.

Recommendations: Update to a version beyond 11.9.0.