Injection Vulnerability
libnotify allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.
Advisories for Npm/Libnotify package
2020
2013
Potential Command Injection
Untrusted input passed in the call to libnotify.notify could result in execution of shell commands. Callers may be unaware of this.