Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
Moderate severity
GitHub Reviewed
Published
May 11, 2026
in
mermaid-js/mermaid
•
Updated May 12, 2026
Give feedback on Dependabot alerts