Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
{ "ubuntu_priority": "medium" }