Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/118807?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/118807?format=api", "purl": "pkg:deb/debian/node-mermaid@8.7.0%2Bds%2B~cs27.17.17-3%2Bdeb11u2?distro=bullseye", "type": "deb", "namespace": "debian", "name": "node-mermaid", "version": "8.7.0+ds+~cs27.17.17-3+deb11u2", "qualifiers": { "distro": "bullseye" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41937?format=api", "vulnerability_id": "VCID-13vt-jvny-8yej", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams., malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to to receive a patch. There are no known workarounds aside from upgrading.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66054", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66107", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66089", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66102", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66118", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66106", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43861" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43861", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43861" }, { "reference_url": "https://github.com/mermaid-js/mermaid", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mermaid-js/mermaid" }, { "reference_url": "https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83" }, { "reference_url": "https://github.com/mermaid-js/mermaid/releases/tag/8.13.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mermaid-js/mermaid/releases/tag/8.13.8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43861", "reference_id": "CVE-2021-43861", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43861" }, { "reference_url": "https://github.com/advisories/GHSA-p3rp-vmj9-gv6v", "reference_id": "GHSA-p3rp-vmj9-gv6v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p3rp-vmj9-gv6v" }, { "reference_url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v", "reference_id": "GHSA-p3rp-vmj9-gv6v", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118807?format=api", "purl": "pkg:deb/debian/node-mermaid@8.7.0%2Bds%2B~cs27.17.17-3%2Bdeb11u2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-mermaid@8.7.0%252Bds%252B~cs27.17.17-3%252Bdeb11u2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-43861", "GHSA-p3rp-vmj9-gv6v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13vt-jvny-8yej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42719?format=api", "vulnerability_id": "VCID-6qr3-tw4s-b7dh", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23648.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.3141", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31386", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31421", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31418", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31455", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31489", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23648" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648" }, { "reference_url": "https://github.com/braintree/sanitize-url", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/braintree/sanitize-url" }, { "reference_url": "https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11" }, { "reference_url": "https://github.com/braintree/sanitize-url/pull/40", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/braintree/sanitize-url/pull/40" }, { "reference_url": "https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", "reference_id": "2065290", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", "reference_id": "CVE-2021-23648", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648" }, { "reference_url": "https://github.com/advisories/GHSA-hqq7-2q2v-82xq", "reference_id": "GHSA-hqq7-2q2v-82xq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hqq7-2q2v-82xq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5069", "reference_id": "RHSA-2022:5069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7519", "reference_id": "RHSA-2022:7519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8057", "reference_id": "RHSA-2022:8057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8057" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118808?format=api", "purl": "pkg:deb/debian/node-mermaid@8.7.0%2Bds%2B~cs27.17.17-3%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-mermaid@8.7.0%252Bds%252B~cs27.17.17-3%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/118807?format=api", "purl": "pkg:deb/debian/node-mermaid@8.7.0%2Bds%2B~cs27.17.17-3%2Bdeb11u2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-mermaid@8.7.0%252Bds%252B~cs27.17.17-3%252Bdeb11u2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-23648", "GHSA-hqq7-2q2v-82xq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qr3-tw4s-b7dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54677?format=api", "vulnerability_id": "VCID-84dz-3dqp-kudp", "summary": "Cross-site Scripting\nMermaid allows XSS when the antiscript feature is used.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54255", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54243", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54221", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54244", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54189", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54246", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35513" }, { "reference_url": "https://github.com/mermaid-js/mermaid/issues/2122", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mermaid-js/mermaid/issues/2122" }, { "reference_url": "https://github.com/mermaid-js/mermaid/pull/2123", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mermaid-js/mermaid/pull/2123" }, { "reference_url": "https://github.com/mermaid-js/mermaid/pull/2123/commits/3d22fa5d2435de5acc18de6f88474a6e8675a60e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mermaid-js/mermaid/pull/2123/commits/3d22fa5d2435de5acc18de6f88474a6e8675a60e" }, { "reference_url": "https://github.com/mermaid-js/mermaid/releases/tag/8.11.0-rc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mermaid-js/mermaid/releases/tag/8.11.0-rc2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990449", "reference_id": "990449", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990449" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35513", "reference_id": "CVE-2021-35513", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35513" }, { "reference_url": "https://github.com/advisories/GHSA-4f6x-49g2-99fm", "reference_id": "GHSA-4f6x-49g2-99fm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4f6x-49g2-99fm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118809?format=api", "purl": "pkg:deb/debian/node-mermaid@8.7.0%2Bds%2B~cs27.17.17-3?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-mermaid@8.7.0%252Bds%252B~cs27.17.17-3%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/118807?format=api", "purl": "pkg:deb/debian/node-mermaid@8.7.0%2Bds%2B~cs27.17.17-3%2Bdeb11u2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-mermaid@8.7.0%252Bds%252B~cs27.17.17-3%252Bdeb11u2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2021-35513", "GHSA-4f6x-49g2-99fm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84dz-3dqp-kudp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57889?format=api", "vulnerability_id": "VCID-h2qx-c4c9-jub1", "summary": "Mermaid does not properly sanitize architecture diagram iconText leading to XSS\nIn the default configuration of mermaid 11.9.0, user supplied input for architecture diagram icons is passed to the d3 `html()` method, creating a sink for cross site scripting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0382", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03839", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03855", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03854", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03842", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54880" }, { "reference_url": "https://github.com/mermaid-js/mermaid", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mermaid-js/mermaid" }, { "reference_url": "https://github.com/mermaid-js/mermaid/commit/2aa83302795183ea5c65caec3da1edd6cb4791fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T17:09:29Z/" } ], "url": "https://github.com/mermaid-js/mermaid/commit/2aa83302795183ea5c65caec3da1edd6cb4791fc" }, { "reference_url": "https://github.com/mermaid-js/mermaid/commit/734bde38777c9190a5a72e96421c83424442d4e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T17:09:29Z/" } ], "url": "https://github.com/mermaid-js/mermaid/commit/734bde38777c9190a5a72e96421c83424442d4e4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54880", "reference_id": "CVE-2025-54880", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54880" }, { "reference_url": "https://github.com/advisories/GHSA-8gwm-58g9-j8pw", "reference_id": "GHSA-8gwm-58g9-j8pw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8gwm-58g9-j8pw" }, { "reference_url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-8gwm-58g9-j8pw", "reference_id": "GHSA-8gwm-58g9-j8pw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T17:09:29Z/" } ], "url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-8gwm-58g9-j8pw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118810?format=api", "purl": "pkg:deb/debian/node-mermaid@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-mermaid@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/118807?format=api", "purl": "pkg:deb/debian/node-mermaid@8.7.0%2Bds%2B~cs27.17.17-3%2Bdeb11u2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-mermaid@8.7.0%252Bds%252B~cs27.17.17-3%252Bdeb11u2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-54880", "GHSA-8gwm-58g9-j8pw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2qx-c4c9-jub1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57896?format=api", "vulnerability_id": "VCID-wgbq-y2vv-qygv", "summary": "Mermaid improperly sanitizes sequence diagram labels leading to XSS\nIn the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to `innerHTML` during calculation of element size, causing XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08609", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08646", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0866", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08676", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08656", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54881" }, { "reference_url": "https://github.com/mermaid-js/mermaid", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mermaid-js/mermaid" }, { "reference_url": "https://github.com/mermaid-js/mermaid/commit/5c69e5fdb004a6d0a2abe97e23d26e223a059832", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-19T18:10:57Z/" } ], "url": "https://github.com/mermaid-js/mermaid/commit/5c69e5fdb004a6d0a2abe97e23d26e223a059832" }, { "reference_url": "https://github.com/mermaid-js/mermaid/commit/685516a85ec1df64cefd4fd15f26533be87d458e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-19T18:10:57Z/" } ], "url": "https://github.com/mermaid-js/mermaid/commit/685516a85ec1df64cefd4fd15f26533be87d458e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54881", "reference_id": "CVE-2025-54881", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54881" }, { "reference_url": "https://github.com/advisories/GHSA-7rqq-prvp-x9jh", "reference_id": "GHSA-7rqq-prvp-x9jh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7rqq-prvp-x9jh" }, { "reference_url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh", "reference_id": "GHSA-7rqq-prvp-x9jh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-19T18:10:57Z/" } ], "url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/118810?format=api", "purl": "pkg:deb/debian/node-mermaid@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-mermaid@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/118807?format=api", "purl": "pkg:deb/debian/node-mermaid@8.7.0%2Bds%2B~cs27.17.17-3%2Bdeb11u2?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-mermaid@8.7.0%252Bds%252B~cs27.17.17-3%252Bdeb11u2%3Fdistro=bullseye" } ], "aliases": [ "CVE-2025-54881", "GHSA-7rqq-prvp-x9jh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgbq-y2vv-qygv" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-mermaid@8.7.0%252Bds%252B~cs27.17.17-3%252Bdeb11u2%3Fdistro=bullseye" }