Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.