Advisories for Npm/Public package

2020
2019

Cross-site Scripting

A XSS vulnerability was found in module public that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.

2018

Path Traversal

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.