Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package public, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2018-3731 — CVSS 7.5 (high): public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read…
CVE-2018-16480 — CVSS 6.1 (medium): A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of…
CVE-2018-3747 — CVSS 6.1 (medium): The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious…