Discourse Mermaid
By the Year
In 2024 there have been 0 vulnerabilities in Discourse Mermaid . Last year Mermaid had 1 security vulnerability published. Right now, Mermaid is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.40 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Mermaid vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Discourse Mermaid Security Vulnerabilities
Discourse Mermaid (discourse-mermaid-theme-component)
CVE-2022-46180
5.4 - Medium
- January 04, 2023
Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Discourse Mermaid or by Discourse? Click the Watch button to subscribe.
