[Git][security-tracker-team/security-tracker][master] Add two new mermaid issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 23 08:32:54 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea270454 by Salvatore Bonaccorso at 2026-05-23T09:32:31+02:00
Add two new mermaid issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,9 +21,15 @@ CVE-2026-42901 (Origin validation error in Microsoft Entra ID allows an unauthor
 CVE-2026-42827 (Improper neutralization of special elements used in a command ('comman ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-41149 (Mermaid is a JavaScript tool that uses Markdown-inspired text to creat ...)
-	TODO: check
+	- node-mermaid <removed>
+	NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr
+	NOTE: Fixed by: https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056 (mermaid at 11.15.0)
+	NOTE: Fixed by: https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3 (v10.9.6)
 CVE-2026-41148 (Mermaid is a JavaScript tool that uses Markdown-inspired text to creat ...)
-	TODO: check
+	- node-mermaid <removed>
+	NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r
+	NOTE: Fixed by: https://github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f (mermaid at 11.15.0)
+	NOTE: Fixed by: https://github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102 (v10.9.6)
 CVE-2026-41147 (NukeViet CMS is a multi Content Management System. Versions 4.5.07 and ...)
 	TODO: check
 CVE-2026-41104 (Deserialization of untrusted data in Microsoft Planetary Computer Pro  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea270454e3ee2daaef7c6ece5e1b34ac7632961f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea270454e3ee2daaef7c6ece5e1b34ac7632961f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260523/871d93df/attachment.htm>

More information about the debian-security-tracker-commits mailing list