Is MermAId safe to use?

MermAId has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install MermAId?

MermAId supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with MermAId?

MermAId is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse transport.

Is MermAId actively maintained?

MermAId is actively maintained — last commit was 14 days ago. It has 8 GitHub stars.

MermAId

AI-agent-focused Mermaid editor for planning, with built-in MCP server and CLI tool

ActiveNot tested

Developer Tools

★ 8npm GitHub

54No CVEsactiveApache-2.0

Quick Install

{
  "mcpServers": {
    "mermaid-editor": {
      "args": [
        "--mcp"
      ],
      "command": "/path/to/mermaid-editor"
    }
  }
}

Setup guide

Should you use this server?

AI-agent-focused Mermaid editor for planning, with built-in MCP server and CLI tool

✓

Is it safe?

No known CVEs for esbuild. 1 previously resolved.

No authentication — any process on your machine can connect.

Apache-2.0. View license →

✓

Is it maintained?

Last commit 14 days ago. 8 stars.

Will it work with my client?

Transport: stdio, sse. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'esbuild' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Score Breakdown

MCPpedia Score

Click each category to see evidence

54C

Last scored 8h ago

How we score →

Security

22/30

No open vulnerabilities. 1 fixed CVE.

✓

Known CVEs — No known CVEs for esbuildcheck OSV.dev

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

— Tool definitions stable

○

Dependency health — found on deps.dev

✓

License — License: Apache-2.0

○

Authentication — No authentication required

○

Repository — active repo

Advisories (0 open, 1 fixed)

lowCVSS 3.1GHSA-67mh-4wv8-2f99Fixed

esbuild enables any website to send any requests to the development server and read the response

### Summary esbuild allows any websites to send any request to the development server and read the response due to default CORS settings. ### Details esbuild sets `Access-Control-Allow-Origin: *` header to all requests, including the SSE connection, which allows any websites to send any request to the development server and read the response. https://github.com/evanw/esbuild/blob/df815ac27b84f8b34374c9182a93c94718f8a630/pkg/api/serve_other.go#L121 https://github.com/evanw/esbuild/blob/df815a

Affected: >= 0Fixed in 0.25.0Published Feb 10, 2025source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mermaid)](https://mcppedia.org/s/mermaid)

Reviews

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is MermAId safe to use?: MermAId has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install MermAId?: MermAId supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with MermAId?: MermAId is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse transport.
Is MermAId actively maintained?: MermAId is actively maintained — last commit was 14 days ago. It has 8 GitHub stars.

MCP Security Weekly

Get CVE alerts and security updates for MermAId and similar servers.

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?