CVE-2016-10641

node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.