libnmap is an API to access nmap from node.js.
Affected versions of this package are vulnerable to Arbitrary Command Injection. If the attacker is allowed to provide the "range" field for the network scan, they could inject arbitrary OS commands instead of a valid IP range.
libnmap to version 0.4.16 or higher.
Do your applications use this vulnerable package?