Advisories for Npm/Video.js package

The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.