Known technical concerns:
Node.js has a set of built-in modules which you can use without any further installation.
So, in certain circumstances, it is bring out the security concerns.
Known vulnerability modules:
Prototype Pollution Vulnerability in cached-path-relative Package
[tianma-static] Stored xss on filename
[takeapeek] Path traversal allow to expose directory and files