Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
6.1CVSS
6.3AI Score
0.001EPSS
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().
8.3CVSS
8.4AI Score
0.001EPSS