public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
7.5CVSS
7.3AI Score
0.004EPSS
The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.
6.1CVSS
6.2AI Score
0.001EPSS