{"id":"CVE-2021-35513","details":"Mermaid before 8.11.0 allows XSS when the antiscript feature is used.","aliases":["GHSA-4f6x-49g2-99fm"],"modified":"2026-04-10T04:35:25.722556Z","published":"2021-06-27T12:15:08.100Z","references":[{"type":"ADVISORY","url":"https://github.com/mermaid-js/mermaid/issues/2122"},{"type":"ADVISORY","url":"https://github.com/mermaid-js/mermaid/releases/tag/8.11.0-rc2"},{"type":"FIX","url":"https://github.com/mermaid-js/mermaid/pull/2123"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mermaid-js/mermaid","events":[{"introduced":"0"},{"fixed":"eef4ef54a177c96b0efcf1c8c98f8d4d9f454e00"},{"fixed":"1d782678715699e8485480bff309adc2b648c7c1"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"8.11.0"}]}}],"versions":["0.1.0","0.1.1","0.2.0","0.2.1","0.2.13","0.2.14","0.2.15","0.2.16","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.3.5","0.4.0","0.5.0","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","6.0.0","7.0.0","7.0.2","7.0.3","7.0.5","8.1.0","8.2.0","8.2.1","8.2.2","8.2.3","8.2.4","8.2.5","8.2.6","8.3.0","8.4.4","8.4.6","8.4.8","8.5.1","8.5.2","8.6.0","8.6.2","8.7.0","8.8.0","8.8.2","8.8.3","8.9.0","8.9.1","8.9.2","8.9.3","untagged-31c93788afe260d914bb","untagged-502e9410f3e7fd2ed484","untagged-566ebfbf21141b604025","untagged-7651dabb407ecd5631ce","untagged-f43366252632a1a42020","untagged-f83ec2a9deaf6677e0c7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-35513.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}