CVE-2017-16187
open-device is vulnerable to a directory traversal flaw. An attacker can access the host filesystem by supplying traversal sequences (e.g., ../../). Public advisories confirm there is no patch and recommend limiting use to local development or replacing the package.